Authentication  times  two  Financial  institutions 

turn  to  two-factor  authentication  in  advance  of  possible  mandate.  PAGE  9. 


Heeding  the  call  SMBs  are  embracing  hosted 

VoIP  services,  but  bigger  companies  are  a  tougher  sell.  PAGE  29. 
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A  Wider  Net 


Share  at  50:  IBM  users 
still  sticking  together 


Group  marks  half-century  of  influence, 
collegiality,  good  cheer  —  and  buttons. 


I  BY  ANN  BEDNARZ 


A 


NAHE1M,  CALIF — Twice  a  year  the  Button 
Man  dons  his  lab  coat,  weighted  down 


with  pins,  for  a  singalong  with  a  few 
hundred  other  crooners  who  share  a 
common  affinity  for 
IBM  technology. 

The  biannual  sing¬ 
along  is  held  on  the 
Thursday  night  before  the 
closing  sessions  of  each  Share  conference. The 
buttons  are  a  tradition  not  quite  as  old  as  the 
nonprofit  Share  organization  itself,  whose 
members  convened  last  week  in  Anaheim  and 

See  Share,  page  10 


■  IBM  users 
share  early  tech¬ 
nology  adoption 
experiences. 
Page  12. 
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Microsoft,  Sun  tiff 

users  in  bind 


puts 

■  BY  JOHN  FONTANA 

Nearly  a  year  after  promising  to 
make  their  directory  and  single 
sign-on  technologies  work  to¬ 
gether,  Microsoft  and  Sun  have 
delivered  little  —  a  stalemate  that 
exposes  an  industry  rift  over  iden¬ 
tity  standards  that  is  costing  users 
money 

While  the  pair  has  agreed  to 
some  basic  platform  support,  the 
work  to  integrate  protocols  for 
sharing  identities  among  compa¬ 
nies,  so-called  identity  sharing, 
has  stalled,  according  to  sources. 


The  fallout,  users  say  is  complicat¬ 
ing  identity  federation  and  add¬ 
ing  costs  as  users  hoping  to  con¬ 
nect  with  one  another  bear  the 
brunt  of  integrating  competing 
standards. 

A  clash  of  wills  between  Micro¬ 
soft  and  Sun  over  identity  stan¬ 
dards  has  continued  despite  last 
spring’s  very  public  reconcilia¬ 
tion  between  the  vendors,  which 
involved  a  $1.6  billion  settlement 
related  to  patent  and  antitrust 
issues. 

Sun  is  a  major  proponent  of  the 
Security  Assertion  Markup  Lan¬ 


guage  (SAML)  standard,  which 
has  been  adopted  by  users  such 
as  Boeing,  Fidelity  Investments 
and  the  federal  government  for 
its  E-Authentication  Initiative.  Sun 
also  supports  the  Liberty  Alli¬ 
ance,  a  consortium  of  users  and 
vendors  it  helped  launch  that  is 
developing  federation  specifica¬ 
tions.  Those  two  protocols  along 
with  Shibboleth,  an  effort  to  cre¬ 
ate  federated  identity  standards 
for  lnternet2,  are  merging  in 
SAML  2.0,  which  is  nearing  stan¬ 
dardization  at  the  Organization 
See  Stalemate,  page  16 


CLEAR  CHOICE  TEST 


P  Wireless  firewall 

Juniper  scores  with  WLAN 


■  BY  JOEL  SNYDER,  NETWORK 
WORLD  LAB  ALLIANCE 

With  the  announcement  of  its 
NetScreen-5GT  Wireless  firewall 
this  week,  Juniper  has  firmly  (and 
finally)  jumped  on  the  wireless 
bandwagon. 

In  our  exclusive  Network  World 
Clear  Choice  Test,  we  found  the 
NetScreen-5GT  Wireless  to  be  a 


Juniper  adds  flexibility  with  its 
NetScreen-5GT  Wireless. 


clean  melding  of  a  trusted,  full- 
featured  firewall  to  a  secure  wire¬ 
less  access  point. 


protector 

The  NetScreen-5GT  Wireless 
makes  a  bold  statement  in  the 
world  of  firewalls  targeted  at  the 
small  and  midsize  business 
(SMB)  and  remote  site  markets. 
Although  Check  Point,  SonicWall, 
WatchGuard  and  Fortinet  all  have 
added  wireless  technology  to 
their  lower-end  boxes,  none  has 
brought  the  same  level  of  flexibil¬ 
ity  as  Juniper  when  it  comes  to 
support  for  wireless  LANs 
(WLAN),  authentication  technol¬ 
ogy  and  security  policies. 

Our  test  centered  on  the  prod¬ 
uct’s  wireless  features  and  capa¬ 
bilities.  It  is  well  suited  for 
sophisticated  wireless  environ¬ 
ments,  where  multiple  security 
zones  and  authentication  sys¬ 
tems  are  required  within  a 
See  Juniper,  page  15 
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SAS,  the  leader  in  business  intelligence  software,  asks... 


BBSS 


SERVICE  LEVEL  management 


RESOURCE  MANAGEMENT 


CHARGE  MANAGEMENT 


VALUE  MANAGEMENT 


No  business  wants  to  believe  it’s  wasting  precious  IT  dollars.  So  if  executives  and  co-workers  grumble  about  IT  service, 
and  you’re  convinced  those  services  could  be  put  to  better  use,  let  SAS  help.  With  SAS®  IT  Management  solutions, 
you  can  measure,  manage,  understand  and  communicate  the  quality  of  every  IT  service  more  accurately.  You’ll 
know  precisely  how  your  business  is  using  IT  resources.  Ensure  maximum  performance  and  response  times.  Predict 
strategic  and  financial  trends.  And  clearly  visualize  the  value  of  IT  from  business,  revenue  and  profit  perspectives. 
Visit  our  Web  site  to  learn  more  and  read  our  free  white  paper,  Align  IT  with  Business  and  Budget  Strategies. 
Or  call  us  toll  free  1  866  731  1364. 


www.sas.com/spent 


Author  Nicholas  Carr  and  top  business  influences  join  in  a  lively  discussion  about  his  controversial  book,  Does  IT  Matter? 
Check  out  our  Web  site  for  more  on  this  informative,  on-demand  Web  seminar. 
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Enterprise  search: 

Mark  Pepin  is  using  search  technology  to  boost 
e-commerce  at  Christian  Book  Distributors. 
Companies  are  also  finding  that  search  tools  can 
help  unlock  information  buried  in  internal 
databases.  Page  38. 
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Outsourcing  IT:  Business  leaders 
eye  external  providers  to  cut  costs, 
but  there  are  ways  to  take  com¬ 
mand  of  the  process. 


Web  services  take  off: 

Microsoft’s  Virtual  Server  2005  is  a 
handy  tool  for  creating  multiple 
instances  of  Windows  on  one  piece  of 
hardware.  Page  42. 
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Breaking  News 
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Available  only  on  Fusion 

Network  World  Renovator  Award: 

Call  for  Entries 

Have  you  overhauled  your  network  and  realized  a  substantial 
return  on  the  investment,  discovered  a  significant  new  business 
opportunity  or  found  a  creative  way  to  leverage  technology?  If  so, 
get  in  the  running  for  Network  World's  new  Renovator  Award,  the 
winners  of  which  will  be  honored  at  a  celebration  in  Las  Vegas 
during  NetWorld+ Interop  May  3-5.  DocFinder:  6093 

Cali  for  Entries:  The  New  Data  Center 
Awards 

Network  World  and  AFCOM,  the  leading  association  for  data  cen¬ 
ter  professionals,  have  teamed  to  honor  innovative  IT  managers 
and  cutting-edge  data  centers  with  our  New  Data  Center  Awards. 
Enter  by  March  18  for  the  foliowing  honors:  Data  Center  Manager 
of  the  Year,  Data  Center  of  the  Year  and  Secure  Data  Center. 
DocFinder:  6132 

Gearblog 

Popular  Network  World  columnist  Mark  Gibbs  comes  to  you  online 
with  Gearblog,  which  promises:  “a  stream  of  geeky,  techie  stuff 
about  computers  and  networking."  DocFinder:  6133 

This  week  at  Network  Life:  The  Expert's 
Guide  to  the  Connected  Home 

Every  day,  Network  Life  offers  everything  you  need  to  know  to 
keep  your  —  and  your  family's  and  friends’  —  home  network 
humming.  Get  the  latest  news,  opinions,  reviews,  how-tos  and 
more.  DocFinder:  4838 

Network  World  Fusion  Radio 

Get  the  inside  scoop  on  hot  technology  issues,  such  as  inexpen¬ 
sive  servers,  WiMAX,  network  security  design  and  more.  Stream 
the  sessions  to  your  desktop  or  download  them  as  MP3s  for  later 
use.  DocFinder:  5942 


Online  help  and  advice 

Nutter's  Help  Desk 

Creating  a  small  VPN 

Help  Desk  Guru  Ron  Nutter  helps  a  nonprofit  set  up  an  affordable 
VPN  for  its  distributed  staff.  DocFinder:  6134 

Security  Chief 

The  great  equivocation 

Columnist  Deb  Radcliff  on  whether  Microsoft  will  adopt  the  International 
Domain  Name  standard  for  Internet  Explorer.  DocFinder:  6135 

Telework  Beat 

Virtual  call  centers  validated 

Net, Worker  Managing  Editor  Toni  Kistner  says  at  last  forecasts 
and  recommendations  from  the  experts  back  up  the  momentum 
surrounding  virtual  call  centers.  DocFinder:  6136 

Home  LAN  Adventures 

Building  a  media  center,  Part  3 

Senior  Tests  Editor  Keith  Shaw  investigates  why  his  media  center 
video  feed  is  jerky  and  discovers  HomePlug  is  the  problem. 

DocFinder:  6137 

Small  Business  Tech 

Storage  vendors  target  SMBs 

Columnist  James  Gaskin  examines  a  small  school's  storage  needs  and 
assesses  who  needs  a  SAN  and  who  doesn't.  DocFinder:  6158 

Seminars  and  Events 

Wireless  &  Mobility:  Commanding  Broadband  Everywhere 

Just  when  technology  solves  the  complexities  of  anytime-anywhere 
wireless  broadband,  corporations  are  suddenly  paralyzed  by  uncertainty 
about  their’  own  wireless  networks.  Which  devices?  Which  apps?  And 
why?  Find  out  first  at  this  free  Tech  Tour  event.  DocFinder:  6139 
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CA  warns  of  security  risk 

■  Computer  Associates  last  week  issued  a  warning  about  security 
holes  in  its  software  tool  designed  to  help  customers  manage  soft¬ 
ware  licenses.  The  holes  are  in  CA  License  software  versions  1.53 
through  1.61.8  for  a  number  of  platforms,  which  include  Microsoft’s 
Windows,  Sun’s  Solaris,  Apple’s  OS  X,  Unix  and  Linux.  The  server 
component  is  disabled  by  default  when  it  is  shipped,  but  the 
License  Client  is  enabled  by  default  on  most  CA  software.  This  in¬ 
creases  the  chances  for  successful  attacks.  Security  firms  eEye 
Digital  Security  and  iDefense  discovered  many  serious  flaws,  in¬ 
cluding  buffer-overflow  vulnerabilities,  which  could  let  remote 
attackers  run  malicious  code  on  servers  or  clients  that  run  the 
license  software.  In  some  cases,  firewall  software  can  be  used  to 
block  attacks  targeting  the  vulnerabilities.  However, customers  need 
to  apply  License  software  patches  for  affected  versions  of  the 
License  Server  or  License  Client.  Alternatively  customers  can 
upgrade  from  affected  software  versions  to  CA  License  Version 
1.61. 9,  which  does  not  contain  the  holes,  according  to  CA. 

EMC  tops  HP  in  disk-based  storage 

■  EMC  overtook  HP  to  become  the  top  seller  of  external  disk-based  storage  systems  in 
2004, according  to  IDC.With  just  less  than  $3  billion  in  revenue, up  18.4%  from  2003, EMC 
had  21.1%  of  the  market  when  measured  by  revenue.  HP’s  sales  were  $2.6  billion,  down 
6.3%  year-over-year,  giving  it  an  18.7%  share  of  the  market.“This  is  the  first  time  since  HP 
acquired  Compaq  that  EMC  has  come  back  to  overtake  external  storage,”  says  Brad 
Nisbet,a  program  manager  at  IDCCEMC  is  firing  on  all  cylinders.”  IBM  and  Hitachi  Data 
Systems  were  ranked  third  and  fourth  for  the  year,  with  sales  of  $1.8  billion  and  $1.2  bil¬ 
lion,  respectively  Dell,  ranked  fifth,  was  the  fastest-growing  vendor  of  external  storage  sys¬ 
tems  for  the  year.  Dell’s  revenue  was  $994  million,  up  18.7%  from  its  2003  total.  Overall, 
sales  of  external  disk-based  storage  systems  were  up  4.7%  for  the  year,  totaling  $14.2  bil¬ 
lion,  but  that  growth  slowed  to  less  than  1%  during  the  fourth  quarter. 

Microsoft  wins  new  trial  in  patent  suit 

Si  An  appeals  court  last  week  threw  out  a  $520.6  million  patent  infringement  judgment 
against  Microsoft  and  ordered  a  new  trial  in  the  dispute  brought  by  Eolas Technologies. 
The  ruling  has  both  sides  claiming  victory  The  appeals  court  ordered  a  lower  court  to 
hold  a  new  trial  concerning  the  validity  of  the  patent  involved  in  the  case,  but  upheld 

C  OMPENDI  IJ  M 

Soothing  server  watching 

LavaPS  is  a  utility  fur  monitoring  processes  on  a  Linux  or  Unix  server.  Only  instead  of 
shewing  a  boring  text  list,  it  shows  GPU  usage  as  a  series  of  blobs  in  a  Lava  Lamp: 
"Each  blob  represents  a  process.  Blob  size  is  proportional  to  memory  usage. 
Movement  is  proportional  to  GPU  usage.  Color  is  a  combination  of  program  name 
[which  decided  the  hue]  and  time  since  the  program  last  ran  [which  decides  satura¬ 
tion).’’  Download  it  at  www.nwfusion.com,  DocFinder:  6142. 


■  TheGoodfheBatfT 

<§>  Good  knight  Bill. 

Microsoft's  Bill  Gates  last  week 
received  an  honorary  knighthood 
from  Queen  Elizabeth  II  in  a  moony 
at  Buckingham  Palace.  Ho  was 
recognized  for  his  contributions  to 
employment  and  efforts  to  reduce 
poverty  worldwide.  > 


."A 


Itanium  misgivings.  Intel  Chairman  Craig  Barrett  conceded  last  week 
that  the  Intanium  chip  has  a  future  in  high-end  servers  but  that  the  market  for  the 
chip  is  far  smaller  than  originally  envisioned.  “Would  I  have  liked  [Itanium]  to  ramp 
faster?  Duh,"  Barrett  said. 


#  A  bad  Bagle.  Anti-virus  software  companies  are  warning  their  customers 
about  the  appearance  of  at  least  one  new  version  of  the  Bagle  worm  that  doesn't 
try  to  replicate  itself  but  installs  malicious  remote  monitoring  software  on  systems 
it  infects.  The  new  variant,  Bagle.BB,  is  spreading  in  massive  spam  e-mail  campaigns. 


the  lower  court’s  finding  that  Microsoft  infringed  upon  the  patent  and  upheld  the  dam¬ 
ages,  according  to  the  University  of  California,  which  joined  Eolas  in  the  lawsuit.  In  the 
case,  Eolas  and  the  university  accused  Microsoft  of  improperly  including  technology  in 
the  Internet  Explorer  Web  browser  that  allows  interactive  content  to  be  embedded  in  a 
Web  site,  a  common  practice  on  the  Internet.  A  jury  in  August  2003  ruled  against  Micro¬ 
soft.  The  ruling  triggered  an  outcry  from  experts,  who  argued  that  the  patent  should  be 
invalid  because  of  prior  art,  or  examples  of  the  technology’s  use  before  the  patent  was 
issued. 

Tax  breaks  eyed  for  proper  PG  disposal 

■  Two  U.S.  senators  last  week  introduced  legislation  that  would  give  tax  breaks  to  indi¬ 
viduals  and  businesses  that  safely  dispose  of  computers  and  other  worn-out  electronic 
devices.  The  Electronic  Waste  Recycling  and  Promotion  and  Consumer  Protection  Act 
of  2005  would  create  incentives  for  a  nationwide  recycling  infrastructure  for  computers, 
monitors  and  television  sets, said  senators  Ron  Wyden  (D-Ore.)  and  Jim  Talent  (R-Mo.). 
The  e-waste  recycling  bill  would  establish  an  $8-per-piece  tax  credit  for  companies  that 
recycle  at  least  5,000  monitors  or  computer  units  per  year.  Individuals  who  use  qualified 
recyclers  to  dispose  of  computers  or  TV  sets  would  receive  a  $15  tax  credit.The  bill  also 
would  prohibit  the  disposal  in  a  municipal  solid  waste  landfill  of  any  electronic  equip¬ 
ment  containing  a  display  screen  greater  than  4  inches  or  any  computer  system,  begin¬ 
ning  three  years  after  the  bill  is  passed.  The  prohibition  would  take  effect  only  if  the 
administrator  of  the  Environmental  Protection  Agency  finds  that  a  majority  of  U.S. 
households  have  reasonable  access  to  e-waste  recycling. 


BECAUSE  HYBRID  IS 
ACTUALLY  NOT  A  SOLUTION. 

(EXCEPT  FOR  CARS.) 


Hybrid  is  as  hybrid  does.  And  when  it  comes  to  IP  Communications,  hybrid  doesn't  do  much  more  than  compromise.  Hybrid  doesn't  do  seamless 
failover.  Doesn't  do  scalability.  Doesn't  do  end-to-end  security.  Ditto  for  remote  upgrades.  So  if  it's  a  car,  go  hybrid.  If,  however,  it's  a  networking 
and  communications  strategy  you're  driving,  make  sure  you  drive  the  integrated,  secure,  end-to-end  solution:  To  learn  more  about  Cisco  IP 
Communications  solutions  or  to  find  a  service  provider  that  offers  these  managed  services  over  a  Cisco  Powered  Network,  visit  cisco.com/domore. 
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NetApp  upgrading 
file  server  OS 


New  capabilities  to  support  Linux  clusters, 


■  BY  DENI  CONNOR 


Network  Appliance  is  readying 
an  upgrade  to  the  software  at  the 
heart  of  its  network  file  servers, 
and  the  first  beneficiaries  could 
be  organizations  running  Linux 
clusters. 

Data  OnTap  Next  Generation 
(NG),a  follow-on  to  Version  7G, 
will  be  phased  in  over  the  next 
two  years.  Among  other  things,  it 
will  let  companies  build  Linux 
clusters  that  can  store  and 
access  data  across  multiple 
servers  and  file  systems.  It  also 
will  help  provide  a  common 
management  interface  and  fail¬ 
over,  Network  Appliance  says. 

Currently,  many  clustering 
shops  distribute  large  files  and 
directories  across  separate 
servers  and  storage  systems, 
each  of  which  is  managed  sepa¬ 
rately  the  vendor  says. 

The  revised  Network  Appli¬ 
ance  operating  system  will  in¬ 
corporate  aspects  of  the  soft¬ 
ware  used  in  the  company’s 
SpinServer  appliances,  obtained 
via  the  $300  million  acquisition 
of  Spinnaker  Networks  in  No¬ 
vember  2003. 

These  devices  sit  between 
Linux  clusters  and  the  sort  of 
network-attached  storage  (NAS) 
systems  in  which  Network 
Appliance  has  made  its  name. 
(With  a  37%  share  in  last  year’s 
fourth  quarter,  the  company 
leads  EMC  and  the  rest  of  the 
NAS  market,  according  to  IDC.) 

Devices  running  Data  OnTap 
NG  initially  will  find  a  home  at 
organizations  running  high-per¬ 
formance  computing  systems, 
such  as  biotechnology  outfits 
and  research  labs,  says  Dave 
Hitz,  co-founder  and  executive 
vice  president  of  Network  Appli¬ 
ance.  Further  out,  the  software 
will  make  its  way  into  all  sorts  of 
companies  looking  to  virtualize 
storage  and  consolidate  data 
management,  he  says. 

“NAS  installations  are  getting 
so  big  that  enterprise  organiza¬ 
tions  want  to  be  able  to  consoli¬ 
date  their  management  activity 
and  get  better  scalability’  says 
Brian  Babineau,  an  analyst  at 
Enterprise  Strategy  Group. 

Others  competing  in  this  field 
include  Cluster  File  Systems  and 
Panasas. 

In  integrating  its  OnTap  soft- 


New  operatin  system 
software  on  t  'k 
Applianc  file  servers  and 
S  inServer  appliances  will 
let  cusl  mers  wi  h  Linux 
clusters  create  centrally 
managed  file  systems  that 
work  across  Linux  servers 
and  nei  irk-attached 
storage  devices. 


L  inux  r  clusters 


Gigabit  Ethernet  switch 


Network  Ap  lance 
SpinServer  devices 


Gigabit  Ethernet  switch 


Netwi  k  Appliance  file  servers 


ware  with  Spinnaker’s  technol¬ 
ogy,  Network  Appliance  this  year 
is  bringing  data-protection  capa¬ 
bilities,  such  as  SnapLock  and 
SnapMirror,  to  the  SpinServers. 
Network  Appliance  also  has 
settled  on  keeping  its  storage 
hardware  and  phasing  out 
Spinnaker’s. 

By  the  end  of  next  year,  Net¬ 
work  Appliance  says  it  intends  to 
include  file  and  directory  strip¬ 
ing  in  Data  OnTap  NG,  plus  sup¬ 
port  block  storage,  Microsoft’s 
Common  Internet  File  System 
(CIFS)  and  iSCSI. 

Network  Appliance  anticipates 
most  customers  won’t  move  to 
the  new  OnTap  for  several 
years.* 


Intel:  Speed  no  longer  enough 


■  BY  JENNIFER  MEARS  AND  DENI  CONNOR 

Intel,  which  faced  design  problems  and  product 
delays,  and  was  forced  to  play  catch-up  with  rival 
AMD  in  2004,  used  its  Spring  Developer  Forum  to 
showcase  new  technologies  that  it  says  will  simplify 
the  lives  of  IT  managers  by  making  it  easier  to  man¬ 
age  and  secure  increasingly  complex  networks. 

While  most  of  the  technologies  had  been  dis¬ 
cussed  before,  Intel  used  the  event  in  San  Francisco 
last  week  to  provide  more  detail  and  give  feature 
release  availability  Virtualization, networked  systems 
management,  I/O  acceleration,  and  dual-core  and 
multicore  designs  were  highlighted. 

Last  year,  the  company  made  it  clear  that  improv¬ 
ing  the  clock  speed  of  its  processors  was  no  longer 
enough. Instead, the  focus  would  be  on  creating  plat¬ 
forms,  which  include  chips,  chipsets  and  other  tech¬ 
nologies  designed  to  work  together  to  improve  sys¬ 
tem  security  manageability  and  performance.  In 
January  Intel  reorganized  its  internal  operations  to 
focus  more  on  the  business  needs  of  its  customers, 
rather  than  on  chip  architecture  and  design. 

“Intel  made  their  shift  in  strategy  last  year,  and  they 
made  their  shift  in  organization  a  month  or  two  ago. 
Now  the  message  they  want  to  promulgate  is  ‘mea 
culpa.’  Last  year  we  messed  some  things  up,  but  we 
are  on  track  noty  ”  says  Gordon  Haff,  an  analyst  at 
Illuminata. 

Intel’s  direction  shift  brings  it  more  in  step  with  the 
industry  as  a  whole,  as  end  users  today  are  more 
interested  in  how  computer  resources  can  help 
solve  business  problems  rather  than  simply  how  fast 
a  processor  runs,  analysts  say 

“There  are  a  lot  more  discrete  issues  involved  in 
performance  than  just  sheer  clock  speed,”  says 


Charles  King,  principal  analyst  at  Pund-IT  Research. 
“Performance  is  not  just  about  speed,  it’s  not  just 
about  security  it’s  not  just  about  dependability  it’s 
not  just  about  flexibility  It’s  about  which  platform 
can  enable  as  many  of  these  different  capabilities 
seamlessty’ 

Intel  Active  Management  Technology  is  designed 
to  work  with  Intel  Virtualization  Technology  and 
LaGrande  security  technology  Intel  executives  say 

The  Active  Management  Technology  which  will  let 
a  customer  discover,  diagnose  and  repair  computer 
problems  remotely  even  if  the  computer  is  turned 
off,  is  scheduled  to  debut  in  Intel’s  Lyndon  desktop 
platform  this  year.  It  is  expected  in  servers  in  2006 
when  Intel  releases  its  dual-core  Xeon  processors. 

As  for  its  virtualization  technology  Intel  has  talked 
about  that  feature  for  some  time,  but  at  the 
Developer  Forum  several  key  partners,  including  vir¬ 
tualization  specialist  VMware  and  XenSource,  said 
they  planned  to  build  support  for  the  Intel  technol¬ 
ogy  into  their  products. 

Intel  Virtualization  Technology  will  be  available  in 
desktops  and  Itanium-based  servers  this  year  and 
will  appear  in  Xeon-based  systems  in  2006, Intel  says. 

At  the  forum  storage  vendors  introduced  Serial 
Attached  SCSI  (SAS)  products,  which  will  be  imple¬ 
mented  in  servers  and  workstations.  SAS  is  a  replace¬ 
ment  for  the  SCSI  bus  used  in  today’s  servers  and 
desktops  —  it’s  faster  and  has  a  smaller  form  factor 
than  SCSI.  SAS  has  a  transfer  rate  of  3G  bit/sec. 

A  number  of  vendors,  including  nStor  and  the  SCSI 
Trade  Association,  demonstrated  SAS  interfaces  and 
drives.  Meanwhile,  Broadcom  introduced  a  SAS  and 
Serial  ATA  RAID-on-motherboard  chipset,  which 
could  be  used  in  low-end  servers  and  workstations 
to  add  RAID  capability  ■ 


Platform  panoply 

A  sampling  of  announcements  made  last  week  at  the  Intel  Developer  Forum: 


Technology 

Processors 

Intel  I/O  Acceleration  Technology 

Intel  Active  Management  Technology  specification 


Intel  Virtualization  Technology 


Intel  Dual  Core  Technology 
Appro  ExtremeBlade 

Interconnects 

Mellanox  InfiniBand  host  channel  adapter 


Marvell  Yukon  II  server  I/O  chip 


Benefit 


Speeds  the  interaction  between  network  datsj^H 
and  server  applications  by  as  much  as  30%.. 

Gives  IT  managers  more  control  and 
manageability  over  networked  computers  and 
reduces  on-site  support  visits  and  asset  tracking. 

Lets  a  system  better  run  multiple  operating 
systems  and  applications  in  independent 
partitions  or  containers. 

Improves  performance  of  Intel  processors,  white 
saving  on  memory  and  power. 

A  84-bit  Xeon  blade  server  for  use  iri  compute- 
intensive  environments. 


Ss6»  «*■  -  .'ISSII 

A  low-power,  low-cost  adapter  suitable  for  use 
on  blade  servers  or  embedded  devices. 


Storage 

Seagate  and  NetCell  eSATA 


Broadcom  SAS/SATA  RAID  on  motherboard  device 


Emulex  4Gbit/sec  Lpel  11000  Adapters 


External  Serial  ATA  drive  designed  for  data 
protection  in  SMBs. 

Increase  RAID  adoption  in  price-sensitive  server 
and  workstation  markets. 

4G-bit/sec  Fibre  Channel  Adapters  for  faster 
SAN  performance. 


Mr.  400,000  SKUs  and 
7.5  Million  Transactions 
Analyzed  In  Real  Time 


Your  potential.  Our  passion. 

Microsoft 


Make  a  name  for  yourself  with  Windows  Server  System.  Microsoft*  Windows  Server  System™  makes  it  easier 
for  Virgin  Entertainment  Group,  North  America  to  make  inventory  decisions  based  on  real-time  data 
from  its  sales  counters.  Here's  how:  By  building  a  business  intelligence  solution  using  SQL  Server™ 
supported  by  BizTalk*  Server  and  the  .NET  Framework,  Virgin  is  able  to  gather  the  Point  of  Sale 
and  traffic  data  collected  in  its  stores,  analyze  it,  and  have  reports  to  store  managers  every 
15  minutes.  Software  that's  easier  to  integrate  is  software  that  helps  you  do  more  with  less. 

To  get  the  full  Virgin  story  or  find  a  Microsoft  Certified  Partner,  go  to  microsoft.com/wssystem 


Windows 
Server  System 
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Fr:  being  alone  with  your  information  management  challenges 


To:  getting  all  the  help  you  need 


EMC  SERVICES  CAN  HELP  YOU  GET  MORE  FROM  YOUR  INFORMATION.  With  EMC,  you  get  the  combined 
expertise  of  over  7,000  consultants,  specializing  in  everything  from  comprehensive  analysis  and  long-term 
planning  to  proven  implementation  and  support.  It’s  the  insight  you  need  to  archive  information  efficiently, 
enable  compliance,  maintain  business  continuity,  and  take  on  new  challenges.  And  it’s  the  first  step  toward 
creating  an  information  lifecycle  management  strategy  that  fits  your  business.  To  put  EMC’s  award-winning 
services  to  work  for  you,  visit  www.EMC.com/services. 
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Financial  firms  bolster  authentication 


II  As  an  industry,  we're 
looking  for  a  way  to  get 
some  peace  of  mind.  9 9 


Josh  Levine 

CTO,  ETrade 


■  BY  ELLEN  MESSMER 

Financial  institutions  are 
strengthening  their  defenses 
against  online  fraud  by  adding 
security  mechanisms  that  are  bet¬ 
ter  suited  to  prove  the  identity  of 
customers  than  are  simple, 
reusable  passwords. 

Brokerage  firm  ETrade  Finan¬ 
cial  last  week  said  it  will  give 
away  RSA  Security’s  handheld 
token,  which  can  generate  a 
dynamic,  changing  password 
every  minute,  to  online  cus¬ 
tomers  with  at  least  $50,000  on 
account.  ETrade  will  offer  the 
token  as  a  paid  service  to  those 
with  less.  This  comes  after  Bank 
of  America’s  promise  last  month 
to  use  two-factor  authentication 
from  VeriSign  just  weeks  after  fac¬ 
ing  a  negligence  lawsuit  from  a 
Miami  businessman  who  says 
that  because  of  online  fraud, 
$90,000  was  stolen  from  his 
account  and  diverted  to  a  bank 
in  Latvia. 


“As  an  industry  we’re  looking  for 
a  way  to  get  some  peace  of  mind,” 
said  Josh  Levine,  CTO  at  ETrade. 

Levine’s  company  will  offer  the 
RSA  SecurlD  hardware  token  for 
free  to  the  wealthiest  of  its  3  mil¬ 
lion  clients,  while  devising  a  ser¬ 
vice  fee  for  the  balance  who  want 
strong  two-factor  authentication. 
ETrade  already  makes  use  of  the 
SecurlD  authentication  server 
internally  for  its  employees. 

It’s  important  for  the  financial 
services  industry  to  move  away 
from  simple  passwords  on  online 
accounts  because  “the  dirty  little 
secret  in  our  industry  is  that  most 
people  use  the  same  ID  across 
sites,”  Levine  said.  That  means 
when  a  phishing  scam  or  Trojan 
on  the  victim’s  computer  steals 
logon  information,  the  captured 
re-usable  passwords  often  pro¬ 
vide  a  way  to  break  into  different 
banking  Web  sites  to  access 
accounts,  not  just  one. 

In  the  high-profile  Bank  of 
America  case,  businessman  Joe 


Lopez  filed  a  lawsuit  claiming 
the  bank  should  reimburse  his 
loss  because  the  bank  didn’t 
alert  him  that  malicious  code 
could  infect  his  computer  and 
steal  his  password.  According  to 
the  lawsuit,  the  Secret  Service,  an 
arm  of  the  Department  of  the 
Treasury,  often  brought  in  to  in¬ 
vestigate  financial  crimes,  deter¬ 
mined  a  Trojan  called  Coreflood 
had  done  just  that  through  key¬ 
logging. 

A  Bank  of  America  spokes¬ 


woman  said  the  bank  couldn’t 
comment  on  pending  litigation 
and  that  the  bank  has  no  specif¬ 
ic  time  table  to  provide  VeriSign’s 
strong  authentication  technol¬ 
ogy  to  customers.  She  added  it 
was  expected  that  bank  employ¬ 
ees  first  would  use  it  internally 
The  rising  threat  to  banks  and 
brokerages  from  Trojans  and 
phishing  attacks  also  is  getting 
attention  from  federal  regulators, 
who  might  institute  tougher 
authentication  rules.  While  strong 


Experts  say  Qwest  bid  for  MCI  still  viable 


■  BY  DENISE  PAPPALARDO 

Is  there  a  chance  Qwest  might 
yet  wrest  MCI  from  Verizon? 
Absolutely  say  experts  watching 


the  tug  of  war,  but  how  likely  that 
chance  might  be  remains  a  mat¬ 
ter  of  conjecture. 

“Qwest  has  made  it  very  inter¬ 
esting,”  says  Mark  Winther.a  group 


vice  president  at  IDC.  “The  offer 
Qwest  has  put  on  the  table,  aside 
from  future  potential,  is  better’’ 

But  MCI  has  signed  Verizon’s 
offer,  and  absent  a  change  of 
heart  brought  on  by  an  en¬ 
hanced  Qwest  offer  and/or  pres¬ 
sure  from  MCI  stockholders, 
Verizon  stands  to  carry  the  deal 
to  its  regulatory  approval  phase. 

There  is  an  out  for  MCI  if  it  so 
chooses.  But  MCI,  or  Qwest, 
would  have  to  pay  a  $200  million 
break-up  fee  to  Verizon  if  that’s 
the  road  it  takes. 

“You  often  see  these  break-up 
fees  in  merger  and  acquisition 
deals,  but  $200  million  is  a  lot  of 
money  It  would  be  unusual  to  see 
that  type  of  payout,”  says  Tony 
Aquilina,  principal  at  investment 
banking  group  Stonebridge  Tech¬ 
nology  Associates. 

Qwest  continues  to  insist  that  its 
spurned  bid  of  $8  billion  remains 
superior  and  that  it  has  also 
sweetened  the  offer  in  a  variety  of 
ways  since  MCI  and  Verizon 
announced  their  deal.  Qwest  says 
it  can  provide  stronger  cost  sav¬ 
ings  of  $14.8  billion  through  a 
pairing  with  MCI  than  the  $7  bil¬ 
lion  Verizon  claims.  Qwest  also 
has  tried  to  improve  its  offer  with 
a  “collar”  that  guarantees  MCI  will 
receive  at  least  $15.50  for  each 


Qwest  share,  irrespective  of  what 
happens  to  its  stock  price  in  the 
interim. 

However,  when  Qwest’s  debt  of 
$16.7  billion  and  the  lack  of  evi¬ 
dence  it  can  increase  revenue  at 
a  substantial  rate  are  factored  in, 
Qwest’s  offer  is  less  valuable  in 
the  long  term,  according  to  a 
report  issued  last  week  by 
Michael  Bowen,  a  financial  ana¬ 
lyst  at  investment  banking  firm 
Friedman,  Billings,  Ramsey  &  Co. 

The  renewed  push  from  Qwest 
comes  three  weeks  after  Verizon 
announced  its  plans  to  buy  MCI 
for  $6.8  billion  and  about  six 
weeks  after  SBC  announced  its 
plans  to  acquire  AT&T  for  $16 
billion. 

Customers  are  watching  the 
events  unfold  with  great  interest 
and  some  trepidation. 

“I  was  pretty  bummed  out  when 
I  heard  about  Qwest’s  bid,”  says 
Bill  Strickland,  national  technol¬ 
ogy  manager  for  IS  LAN/WAN  ser¬ 
vices  at  Toyota  Motor  Sales  USA. 
“Qwest  doesn’t  bring  much  to  the 
table.  It’s  really  not  in  a  better  posi¬ 
tion  than  MCI,  even  with  its  old 
U.S.  West  assets.  [It’s]  financially 
challenged,  and  they  have  no 
wireless  strategy  to  speak  of.” 

Toyota  Motor  Sales  outsources 
See  Qwest,  page  52 


EBBERS  ON  TRIAL!  It’s  in  the  jury’s  hands 

Now  the  jury  has  to  decide 
who  is  lying.  Closing 
arguments  in  the  fraud  trial  of 
former  WorldCom  boss  Bernie 
Ebbers  last  week  crystallized  the 
fact  that  this  case  has  come 
down  to  whether  jurors  believe 
Ebbers’  profession  that  he,  too, 
was  victimized  by  the  prose¬ 
cution's  star  witness,  former 
WorldCom  CFO  Scott  Sullivan, 
who  already  has  pleaded  guilty 
to  fraud  and  faces  25  years  in 
prison.  "Obviously  [Ebbers]  was 
CEO,”  said  defense  attorney 
ReidWeingarten  during  his 
closing  statement  “In  that  sense, 
he  is  responsible”  for  the 
company's  downfall.  “But  he 
should  not  be  convicted  if  he  like 
so  many  others  at  WorldCom  were  deceived  by  Scott  Sullivan."  A 
day  earlier,  the  prosecution  summarized  its  case:  "We  all  know  money 
can  corrupt  people,  power  can  corrupt  people  and  pressure  can 
corrupt  people,"  said  William  Johnson,  an  assistant  U.S.  attorney. 
“Money,  power  and  pressure  all  corrupted  Bernard  J.  Ebbers  to 
commit  fraud  on  a  billion-dollar  scale." 


Closing  arguments  were  made  last  week  in 
the  case  against  WorldCom’s  Bernie  Ebbers. 
(AP  photo/Mary  Alfaffer) 


two-factor  authentication  has 
long  been  used  in  big-portfolio 
investment  banking  circles,  the 
average  consumer  seldom  is 
offered  more  than  a  re-usable 
password  and  ID. 

But  that  could  change.The  reg¬ 
ulatory  agency  Federal  Deposit 
Insurance  Corp.  (FDIC)  in  De¬ 
cember  issued  a  report  called 
“Putting  an  End  to  Account- 
Hijacking  Identity  Theft.”  The 
FDIC  report  flatly  advises  finan¬ 
cial  institutions  they  should  be 
“upgrading  existing  password- 
based,  single-factor  customer 
authentication  systems  to  two- 
factor  authentication.” 

In  the  report,  the  FDIC  says  it  is 
considering  making  this  a  re¬ 
quirement.  Last  week,  an  FDIC 
spokesman  said  there’s  no  man¬ 
date  currently  that  dictates  online 
authentication  requirements. 

Financial  services  firms  point 
out  that  dynamic-password  tok¬ 
ens  aren’t  the  only  way  to  im¬ 
prove  authentication. 

There  are  also  biometrics  that 
use  fingerprint  or  iris  scans  to 
prove  identity 

Other  measures  include  the 
type  of  two-way  authentication 
software  from  PassMark 
Security,  which  goes  beyond 
passwords  without  requiring 
specialized  hardware.  Stanford 
Federal  Credit  Union  last  month 
began  using  the  PassMark 
System  software  to  protect  its 
40,000  customers  from  phishing 
scams,  says  Sam  Tuohey,  vice 
president  of  technologies  and  e- 
commerce  at  the  firm. 

The  PassMark  System  works  by 
presenting  a  unique  image  and 
text  to  each  credit  union  mem¬ 
ber  as  he  begins  the  logon 
process. 

In  addition,  PassMark  software 
puts  a  simple  ID  onto  the  user’s 
PC  in  the  form  of  a  flash  object 
with  a  cookie.  The  intent  is  to 
identify  a  home  computer.  If  the 
customer  does  not  happen  to  be 
on  a  home  computer,  a  Web  form 
drops  down  and  asks  a  simple 
question  the  customer  is  expect¬ 
ed  to  answer,  such  as  “What  is  the 
name  of  a  family  pet?” 

Most  credit  union  members 
have  adapted  easily  to  the  new 
security  procedures,  which  aug¬ 
ment  the  customary  user  ID  and 
password,  Tuohey  says.  “And 
seven  days  after  we  went  with 
PassMark,  we  got  phished,”  he 
adds.  To  date,  the  credit  union 
sees  no  evidence  that  the  attack 
was  successful.* 
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Share 

continued  from  page  1 

which  this  year  celebrates  its  50th  anniversary  as  an 
educational  and  networking  forum  for  users  of  IBM 
technology. 

The  first  Share  button  surfaced  in  1965  with  the  appeal 
“Stamp  out  green  words.’Tt  was  a  reference  to  an  IBM  pre¬ 
sentation  made  a  year  earlier  —  in  which  the  speaker 
chose  to  use  green  chalk  —  describing  a  new  block  tape 
format  for  FORTRAN.  Users  objected  to  the  fact  that  only 
the  FORTRAN  language  could  read  the  unformatted 
records,  now  known  asVBS.and  there  were  no  provisions 
for  other  languages  such  as  Assembler  or  COBOL,  says 
Barry  Merrill,  aka  the  Button  Man. 

“It  wasn’t  so  much  anti-VBS,  but  a  plea  to  IBM  to  make 
these  records  available  to  all  languages,  not  just  one,” 
Merrill  says. 

That  first  button  started  what  became  a  longstanding 
Share  tradition  of  lobbying  IBM  via  buttons  that  attendees 
conceived  and  produced  on  their  own  dimes.The  early 
buttons  were  noncommercial,  sometimes  in  praise  of  a 
product  that  an  individual  liked, sometimes  attacking  a 
product  people  didn’t  like,  Merrill  says.“They  were  almost 
always  humorous.  Occasionally  they  were  a  little  bit  scur¬ 
rilous  or  scatological,  and  there  were  a  few  sexual  refer¬ 
ences,”  he  says. 

Merrill  started  collecting  Share  buttons  in  1975  and 
today  has  1,1 70.  Of  all  the  buttons  produced,  he  estimates 
he  might  be  missing  a  few  dozen  at  most.The  collection 
has  grown  over  the  years  thanks  to  a  lot  of  contributions 
—  some  particularly  memorable,  Merrill  says.“This  one 
box  shows  up  in  the  mail  and  there’s  a  little  note  from 
someone  saying  ‘In  view  of  my  impending  marriage  and 
my  agreement  with  my  wife  to  shed  half  of  my  stuff  while 
she  sheds  half  of  her  crap,  here  is  my  button  collection  to 
add  to  yours’”  he  adds. 

Today,  the  buttons  are  artifacts,  having  faded  from 
prominence  in  the  1990s  as  excessiveness  began  to  dilute 
the  messages.“lt  became  overcommercialized  in  the 
1990s,  as  much  of  the  world  did,”  Merrill  says. 

But  he  still  breaks  out  his  now  infamous  lab  coat  for 
each  Share  conference  he  attends.  And  there  have  been 
many  Merrill  attended  his  first  meeting  in  1974  and  has 

We’re  at  over  $10  million  worth 
of  savings  on  things  that  we  picked 
up  at  Share." 

Carl  Youngren 

Former  director  of  IS  division,  state  of  California's 

Department  of  Health  and  Human  Services 

since  attended  about  50  of  the  biannual  events,  first  as  a 
user  and  later  as  a  vendor.“I  don’t  think  I’ve  missed  more 
than  a  dozen  meetings," says  Merrill,  who  today  runs  his 
own  firm,  Merrill  Consultants. 

Peer  power 

Share  got  its  start  in  1955  when  a  handful  of  pioneering 
IT  professionals  got  together,  just  two  years  after  the 
release  of  IBM’s  first  computer,  to  prepare  for  running  the 
systems.  In  the  early  years,  stringent  membership  require¬ 
ments  allowed  only  mainframe  shops  to  join  the  group 
and  attend  the  biannual  meetings. While  membership 
requirements  have  been  loosened  over  the  years,  the 
spirit  of  the  organization  remains  the  same,  longtime  par¬ 
ticipants  say 

“The  best  part  of  Share  is  the  opportunity  to  talk  to  peo¬ 
ple  who  have  the  same  problems  you  have  and  learn 
how  they  solved  them,"  says  Robert  Rosen,  current  presi- 


Bedecked  in  his  trademark  lab  coat  and  buttons,  Barry 
Merrill,  affectionately  known  as  the  Button  Man,  has 
attended  about  50  Share  conferences.  He  collected  his  first 
button  in  1975. 

dent  of  Share  and  a  CIO  within  the  federal  government’s 
National  Institutes  of  Health.  Rosen  attended  his  first 
Share  meeting  in  1970  and  has  been  coming  ever  since. 

User  presentations  are  the  most  valuable  part  of  Share, 
says  Carl  Youngren,  a  former  assistant  director  of  the  infor¬ 
mation  systems  division  in  the  state  of  California’s 
Department  of  Health  and  Human  Services’  data  center. 
“Any  vendor  will  give  me  a  pitch  on  his  product  in  a 
moment’s  notice.  But  what  you  can’t  get  is  somebody 
standing  up  saying, ‘Hey,  I  put  this  thing  in  my  shop  and 
this  is  what  worked  and  this  is  what  didn’t  work.’ That’s  the 
most  valuable  part  of  Share, ’’Youngren  says. 

He’s  among  the  attendees  willing  to  talk  about  how  stuff 
works. Youngren,  who  retired  at  the  end  of  last  year  but 
returned  to  his  old  job  on  a  part-time  basis  a  few  months 
later,  attended  his  first  Share  meeting  in  1980.Since  1991, 
he  and  partner  Bob  Shannon  of  Rocket  Software  have 
delivered  one  of  the  most  popular  sessions. 

It’s  called  Bit  Bucket,  and  it  started  out  as  filler  for  a  slot 
in  the  schedule  that  no  one  else  wanted  to  fill:  the  last 
session  on  Friday,  Share’s  closing  day  In  Bit  Bucket, 
Youngren  and  Shannon  talk  about  myriad  topics,  most 
related  to  IBM’s  MVS  mainframe  operating  system. 

Instead  of  a  formal  session  on  a  specific  topic,  it’s  a 
series  of  tips,  warnings,  anecdotes  and  whatever  else  the 
pair  comes  up  with. 

“It’s  just  a  couple  of  users  talking  about  things  that  hap¬ 
pened  in  the  last  six  months  —  what  bit  us,  what  might 
bite  you,”  Youngren  says.“If  you  don’t  like  what  we’re  talk¬ 
ing  about,  wait  5  minutes  and  we’ll  be  on  another  topic.” 

Youngren  made  getting  to  Share  a  priority  throughout 
his  career,  which  wasn’t  always  easy  as  a  budget-strapped 
state  employee.  He  and  his  colleagues  learned  to  justify 
their  trips  to  Share  over  the  years  by  carefully  document¬ 
ing  instances  in  which  they  saved  money  as  a  result  of 
tips  or  techniques  learned  at  the  meetings. 

For  example,  at  one  conference  Youngren  learned 
about  a  problem  with  IBM’s  IDMS  database  that  another 
Share  attendee  had  experienced.  By  making  a  small  fix 
to  the  IDMS  code,  he  averted  the  problem  before  it 
affected  his  data  center,  saving  $2.5  million  a  year. “We’re 
at  over  $10  million  worth  of  savings  on  things  that  we 
picked  up  at  Share,”  Youngren  says. 

The  educational  and  networking  opportunities  made  it 
worthwhile  for  Sam  Golob,  an  MVS  systems  programmer 
who  now  runs  his  own  company  Sam  Golob  Systems 


Programming,  to  pay  his  own  way  when  employers 
stopped  footing  the  bill  not  too  many  years  after  his  first 
meeting  in  1987. 

“I  really  think  it’s  a  better  school  than  any  other  they 
could  send  you  to.  Everything’s  there,”  Golob  says.“One 
time,  many  years  ago,  I  took  about  50  or  60  questions 
from  everybody  I  worked  with  in  a  notebook  to  Share.  I 
got  answers  to  every  single  one,”  Golob  says. 

Straight  from  the  source 

Getting  answers  from  IBM  —  as  well  as  sneak  previews 
of  forthcoming  products  —  is  easier  at  Share  than  any¬ 
where  else,  simply  because  of  the  accessibility  of  product 
development  staff,  attendees  say 

“If  you  call  IBM  you  can’t  get  to  certain  people.  If  they 
come  to  Share,  you  can  get  to  them ’’Golob  says.“IBM 
opens  the  door  through  Share  in  a  way  they  don’t  do  any¬ 
where  else.” 

It’s  a  two-way  street  —  IBM  developers  who  attend 
Share  benefit  just  as  much  from  the  access  to  customers, 
says  Charlie  Lyman,  IBM’s  liaison  to  Share  since  1985.“It’s 
the  only  chance  they  really  get  to  be  face  to  face  with 
customers,  because  most  of  them  don’t  travel  regularly  on 
business,”  he  says. 

For  Share  attendees,  getting  design  ideas  in  front  of 
IBMers  typically  happened  by  way  of  project  require¬ 
ments  —  IBM’s  formal  process  for  submitting  requests  for 
product  changes.“Project  requirements  were  the  reason 
many  of  us  attended  Share,  because  it  was  the  only 
avenue  we  had  to  get  IBM  to  pay  attention  to  design 
changes,”  Merrill  says. 

On  the  informal  side,  Share’s  social  events,  called  Scids, 
also  have  afforded  attendees  access  to  key  IBM  staff.“That 
one-on-one  social  interaction  with  the  developers  at  night 
was  as  important  as  the  formal  project  requirements  that 
were  passed  during  the  da>f  Merrill  says. 

But  like  the  buttons,  the  importance  of  project  require¬ 
ments  has  diminished  as  other  avenues  for  influencing 
IBM  design  have  opened. 

“We’re  finding  that  requirements  aren’t  quite  as  impor¬ 
tant  as  they  used  to  be  for  two  reasons,”  says  Cheryl 
Watson  Walker,  an  MVS  tuning  expert  who  runs  Watson 
&  Walker  in  Sarasota,  FIa.“One  is  that  people  don’t  have 
as  much  time  to  get  involved  in  the  requirements 
process.  They’re  a  little  overwhelmed  and  overburdened 
in  their  regular  jobs.”The  second  reason  is  that  IBM  has 
relaxed  its  requirements  processes,  says  Watson,  who  has 
been  attending  Share  since  1978  and  has  been  an  offi¬ 
cer  for  25  years. 

Watson  cites  a  presentation  IBM  made  at  Share  about  a 
year  ago  on  zSeries  Application  Assist  Processor  measure¬ 
ments.  Some  of  the  measurements  raised  concerns  with 
Watson  and  other  members  of  Share’s  capacity  and  per¬ 
formance  management  project.“A  couple  of  us  started  a 
dialogue  with  IBM  in  e-mail  before  the  next  Share.  And 
half  of  the  changes  were  already  coded  before  we  even 
got  to  that  Share,”Watson  says. 

Another  thing  that  has  changed  over  the  years  at  Share 
is  the  audience. 

“It  used  to  be  the  people  who  came  were  very  narrowly 
focused  on  one  area,"  IBM’s  Lyman  says.“But  most  compa¬ 
nies  can’t  afford  to  do  that  anymore.” 

In  addition  to  staying  abreast  of  technology  adoption 
trends  and  evolving  attendee  roles,  it  has  been  important 
for  Share  to  keep  up  with  societal  changes  —  by  banning 
smoking  from  meeting  rooms  and  instituting  a  program 
for  spouses,  for  example.That’s  part  of  what  keeps  Share 
going,  Rosen  says.“If  we  had  kept  that  old  nose-to-the- 
grindstone  attitude,  talking  computers  24/7,  we  probably 
wouldn’t  have  made  50  years,”  he  says. 

Share’s  continued  independence  from  IBM  has  also 
secured  its  longevity,  Golob  says.“There  has  to  be  a  forum 
to  discuss  things  that  users  want  to  talk  about,  not  just 
what  the  company  dictates,”  he  says.  ■ 


George  is  secure  in  his  information  workplace 
k  (and  he’s  not  afraid  to  show  it.) 


jr-  r.  xA 

_ 

■§  : 

Worrying  about  viruses  and  unwanted  content  can  hold  you  back.  That’s  why  thousands  of 
companies  across  the  globe  -  from  Fortune  100  organizations  to  small  businesses  -  rely  on 
Sybari  to  secure  their  information  workplaces,  including  e-mail,  instant  messaging,  and 
document  sharing. 


SECURING  THE  INFORMATION  WORKPLACE 


Our  unique  solutions  use  multiple  virus  scanning  engines  and  industry-leading  antispam  and 

content-filtering  technologies  to  stop  threats  before  they  stop  your  business.  Make  the  move  To  leam  more, 

to  Sybari...  and  experience  the  freedom  of  security  and  productivity.  visit  WWW.Sybari.COm/nw05 
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Early  adopters  share  tips  at 


■  BY  ANN  BEDNARZ 

ANAHEIM,  CALIF  —  Finding 
hiccups  in  pre-release  code  is  a 
labor  of  love  for  Martha  Mc- 
Conaghy“Our  philosophy  is,  if  we 
find  the  bugs,  you  won’t  have  to,” 
says  McConaghy  who  is  systems, 
network  and  operations  manager 
at  Marist  College  in  Poughkeep¬ 
sie,  N.Y  Plus  it  keeps  work  inter¬ 
esting,  she  says. 

Marist  is  a  frequent  participant 
in  IBM  early  support  programs, 
wherein  IT  shops  gain  access  to 
pre-release  versions  of  IBM  prod¬ 
ucts  and  test  their  real-world 
mettle. 

At  last  week’s  Share  conference, 
McConaghy  talked  to  fellow  IBM 
users  about  her  experience  de¬ 
ploying  z/VM  5.1,  the  newly  avail¬ 
able  version  of  IBM’s  virtual 


Bob  Brown 

Executive  News  Editor,  Network  World 

John  Six 

Editor  in  Chief,  Network  World 

Lee  Doyle 

Group  VP,  Network  Infrastructure,  IDC 


machine  mainframe  operating 
system.  More  than  2,800  atten¬ 
dees  turned  out  for  Share. 

The  Share  conference  drew 
IBM  users  from  companies  in¬ 
cluding  Boeing,  Nationwide  In¬ 
surance  and  SBC,  who  shared  tips 
and  talked  about  lessons  learned 
during  recent  rollouts.  In  addi¬ 
tion,  IBM  technologists  detailed 
new  product  releases  and  offered 
sneak  peeks  of  features  to  come. 
Many  topics  had  a  mainframe 
bent  —  Share’s  roots  are  with  Big 
Iron  users  —  but  the  conference 
also  included  tracks  on  mobile 
computing,  Unix  systems  and 
even  the  Sarbanes-Oxley  Act 
(SOX). 

For  McConaghy  the  promise  of 
performance  gains  fueled  her 
interest  in  z/VM  5.1,  which  sup¬ 
ports  IBM’s  Virtual  Switch 
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(VSwitch)  network  function. 
VSwitch  is  designed  to  improve 
the  interaction  between  guests 
running  under  z/VM  and  the 
physical  network  connected  to 
the  zSeries  processor;  the  new 
version  offers  improved  failover 
capabilities.“When  we’re  running 
500  Linux  guests,  we  need  every 
ounce  of  performance  we  can 
get,”  McConaghy  says. 

Meanwhile,  early  adopter  Bank 
of  Montreal  shared  details  of  its 
three-year  project  to  deploy 
WebSphere  for  z/OS  Version  5 
on  its  mainframe.  Bank  of  Mon¬ 
treal  got  the  code  for  z/OS  Ver¬ 
sion  5  in  early  2003,  about  six 
months  before  it  became  gener¬ 
ally  available,  and  early  access 
last  year  to  Version  5.01  and  Ver¬ 
sion  5.02.  Today  it’s  working  on 
testing  Version  5.1,  which  it 
plans  to  put  in  production 
around  midyear. 

Running  WebSphere  on  the 
mainframe  streamlines  business 
processes  that  span  the  bank’s 
branch  locations  and  the  back 
office,  says  Malcolm  Sanderson,  a 
senior  specialist  for  strategic 
planning  at  the  financial  institu¬ 
tion.  For  example,  by  reducing  the 
amount  of  systems  that  branch 
employees  have  to  enter  data  into 
during  the  process  of  opening  a 
new  customer  account,  the  bank 
can  trim  the  task  from  40  minutes 
to  10  minutes. 

Bank  of  Montreal  wanted  to  use 
modern  technology  and  tools  to 
design  Web  services  that  can  be 
reused  for  multiple  systems  that 
handle  its  branches,  call  centers 
and  Web  site  transactions. 

“Using  new  technology  and 
new  tooling  we  can  develop 
code  a  lot  faster  and  get  it  into 
production  a  lot  faster,”  Sander¬ 
son  says.  The  downside  is  Web¬ 
Sphere  for  z/OS  chews  up  a  lot  of 
mainframe  resources.  “So  we’re 
trading  CPU  capacity  for  devel¬ 
oper  time,  but  we  think  that’s  a 
good  trade-off.” 

The  biggest  challenge  of  the 
multiyear  project  was  the  very  ag¬ 
gressive  timeline  the  bank  adopt- 
ed.“Give  yourself  a  lot  of  runwa'/ 
says  David  Romaniuk,  systems 
programmer  at  Bank  of  Montreal. 
“It’s  really  time-consuming.” 

Outside  the  mainframe  camp, 
one  session  filled  to  capacity 
focused  on  IT  implications  of 
SOX.  Ed  Byers  and  Greg  Thomas, 
who  are  a  partner  and  senior 
manager,  respectively  at  consult¬ 
ing  firm  Deloitte,  talked  about 
common  issues  they’ve  seen  in 
the  field. 
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Have  you  overhauled  your  network  and 

realized  a  substantial  ROI,  discovered 

a  significant  new  business  opportunity  or 

found  a  creative  way  to  leverage  technology? 

If  so,  get  in  the  running  for  Network  World’s  new  Renovator 
Award,  the  top  winners  of  which  will  be  honored  at  a 
celebration  in  Las  Vegas  during  the  NetWorld+Interop 
conference,  May  3-5. 

Entries  will  be  judged  by  a  panel  of  Network  World  editors, 
columnists  and  industry  experts.  Winners  will  be  presented 
an  award  at  the  celebration  and  profiled  in  a  subsequent 
Network  World  story. 

Stand  up  and  be  counted. 

Enter  today  at  www.nwfusion.com/renovator2005.html, 
DocFinder:  5951. 

All  entries  must  be  received  by  March  28,  2005. 
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SOX  and  IT 

A  pair  of  auditors  from 
Deloitte  outlined  at  Share 
a  handful  of  common 
issues  IT  departments 
encounter  when  trying  to 
comply  with  internal 
controls  and  Sarbanes- 
Oxley  Act  requirements. 


•  Identifying  duties  and 
alleviating  conflicts. 


•  Monitoring  end-user  man¬ 
ipulation  of  data  marts  and 
spreadsheets. 

•  Managing  changes  to 
general  computer  controls. 


Evaluating  “superuser" 
access,  such  as  developers’ 
access  to  production 
systems. 


•  Maintaining  data  accuracy, 
integrity  and  security. 


•  Defining  the  scope  of 
adequate  back-up  and 
restore  capabilities. 


•  Determining  S AS  70  —  an 

auditing  standard  for 
assessing  the  internal 
controls  of  outsourcers  and 
service  providers  — 
j  obligations. 


IT  is  at  the  center  of  many  of  the 
sticking  points  companies  are  en¬ 
countering  in  their  efforts  to  com¬ 
ply  with  Section  404  of  the  legis¬ 
lation,  which  pertains  to  main¬ 
taining  appropriate  controls  over 
corporate  financial  systems. 
Security,  change  control  and 
back-up  issues  are  particularly 
common,  Byers  says. 

Financial  and  operational 
audits  in  the  pre-SOX  world  tend¬ 
ed  to  focus  less  on  IT  controls.  In 
fact,  audits  could  be  completed 
without  an  evaluation  of  IT  con¬ 
trols,  Thomas  says.  Audits  that 
looked  into  IT-related  processes 
typically  tested  only  general  com¬ 
puter  controls,  not  application 
controls.  And  testing  was  rotation¬ 
al,  meaning  not  every  area  was 
tested  every  time. 

With  SOX,  audits  today  are  more 
IT-focused.  They  require  evalua¬ 
tion  of  IT  controls,  and  applica¬ 
tion  control  testing  is  critical. 
“That’s  the  big  change  from  an  IT 
perspective,”  Thomas  says.  “It’s  a 
huge  amount  of  work  for  an  IT 
organization  just  to  deal  with  all 
the  questions  being  asked  about 
change  control  and  application 
controls.”  ■ 
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VoIP  apps  take  center  stage  at  VON 

Raft  of  vendors  to  roll  out  IP  PBX  enhancements,  IP  phone  systems,  security  wares. 


m  BY  TIM  GREENE 

VoIP  applications  for  business¬ 
es,  including  call  center  pro¬ 
grams,  multimedia  conferencing 
and  IP  Centrex,  will  be  dominant 
themes  at  this  week’s  Spring  VON 
2005  conference. 

The  San  Jose  show,  once  dedi¬ 
cated  to  a  carrier  audience,  now 
increases  its  focus  on  users  of 
carrier  services  and  private  VoIP 
networks,  given  the  rise  in  usage. 
Frost  &  Sullivan  estimates  VoIP 
services  used  by  businesses  this 
year  will  nearly  triple  last  year’s 
(see  graphic). 

Attendance  is  expected  to 
jump  to  6,000,  from  3,500  last 
year,  show  officials  say  Attendees 

VoIP  booming 

As  users  show  more  in¬ 
terest  in  VoIP,  use  of  VoIP 
services  in  North  America 
also  are  expected  to  grow 
rapidly. 


Millions  of  lines 


SOURCE:  FROST  A  SULLIVAN 


will  have  240  exhibitors  to  visit 
across  90,000  square  feet  of  floor 
space  at  the  San  Jose 
Convention  Center.  Last  year,  130 
exhibitors  took  up  35,000  square 
feet  of  the  Santa  Clara 
Convention  Center. 

Headlining  the  show  are  key¬ 
note  speakers  Vonage  CEO 
Jeffrey  Citron,  Level  3  Communi¬ 
cations  CEO  Jim  Crowe,  AOL 
CEO  Jonathan  Miller  and  FCC 
Chairman  Michael  Powell.  The 
chairman,  who  winds  up  his  stint 
on  the  commission  this  month,  is 
expected  to  keep  up  his  promo¬ 
tion  of  VoIP  at  the  conference. 

“We  must  ensure  [VoIP]  contin¬ 
ues  to  grow  in  a  healthy  environ¬ 
ment  that  provides  stability  and 
encourages  innovation,”  Powell 
said  in  a  statement.  “Internet 
voice  is  the  future.” 

VON  sessions  will  dish  up 
practical  advice  —  from  how  to 
write  a  VoIP  RFP  that  doesn’t 


box  you  in  to  a  particular  ven¬ 
dor  to  what  businesses  should 
expect  in  the  way  of  functional¬ 
ity  and  administrative  demands 
from  IP  PBXs. 

One  panel  will  explore  integra¬ 
tion  of  VoIP  and  Wi-Fi  in  business 
networks.  Panelist  Roger  Sands, 
enterprise  development  vice 
president  of  Wi-Fi  equipment 
maker  Colubris  Networks,  says 
adding  voice  to  data  on  wireless 
networks  is  not  a  cinch. 

“You  have  to  make  sure  there  is 
sufficient  quality  of  service  for 
all  your  applications,  including 
roaming,”  he  says. 


Product  parade 

A  host  of  vendors  will  intro¬ 
duce  offerings  aimed  at  business 
customers.  Here’s  a  sampling: 

•  AccessLine  Communications 
will  announce  SmartVoice,  a 
VoIP  service  that  can  supple¬ 
ment  voice  networks.  The  com¬ 
pany  says  its  service  can  be  used 
to  cut  the  cost  of  calls  among 
corporate  sites,  saving  customers 
up  to  50%  on  some  lines.  Cus¬ 
tomers  connect  to  AccessLine’s 
network  via  an  on-site  gateway 
which  acts  as  a  virtual  PBX, 
adding  call  features  such  as 
voice  mail  and  automated  call 
attendant. 

•  German  IP  PBX  maker  Snom 
Technology  will  air  Snom  Box, 
an  IP  PBX  for  up  to  50  users.  The 
roughly  wallet-sized  box  (3.5  by 
3  by  1.5  inches)  is  smaller  than 
the  Snom  phones  it  supports.  It 
lacks  ports  to  connect  to  the 
public  phone  network,  so 
requires  a  separate  public 
switched  telephone  network 
gateway.  The  company  hasn’t  set 
a  price. 

•  Aastra  Technologies  will 
announce  and  demonstrate  a 
PBX-less  IP  phone  system  for 
small  businesses  that  can  scale 
up  to  200  phones.  The  system 
consists  of  Venture  480i  IP 
phones  ($379)  and  a  VenturelP 
Gateway  ($289)  to  the  public 
phone  network  that  can  handle 
four  phone  lines.  If  a  company 
wants  to  use  more  phone  lines,  it 
can  buy  more  gateways.  The 
peer-to-peer  phones  run  software 
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by  Nimcat  Networks  that  pro¬ 
vides  Venture  gear  with  its  PBX 
call  features  such  as  voice  mail, 
auto  attendant  and  call  transfer. 

•  Another  peer-to-peer  VoIP 
vendor,  Popular  Telephony,  is 
expected  to  unveil  FeerioData,  a 
data-storage  upgrade  to  its 
Peerio  VoIP  middleware  plat¬ 
form. 

•  Telchemy  is  announcing  that 
Texas  Instruments  is  embedding 
its  monitoring  software  in  chips 
used  for  VoIP  gear  such  as  VoIP 


phones  and  gateways.  Telchemy 
says  this  will  give  businesses  a 
better  reading  of  voice  quality 
on  their  IP  networks  and  a  tool 
for  troubleshooting  problems. 

•  Kagoor  Networks,  a  maker  of 
session  border  controllers,  is 
introducing  upgrades  that  it  says 
boost  corporate  network  securi¬ 
ty.  Session  border  controllers 
map  public-to-private  IP  address¬ 
es  and  shepherd  VoIP  traffic  in 
and  out  of  firewalls  without  leav¬ 
ing  ports  open  when  calls  are  fin¬ 


ished.  Kagoor  is  adding  the  abili¬ 
ty  to  handle  data  protocols  to  its 
VoiceFlow  controllers.  This 
means  corporations  don’t  have 
to  set  up  separate  devices  in  a 
security  zone  to  handle  VoIP 
management  traffic  that  comes 
as  part  of  VoIP  flows.  Before,  this 
management  traffic  could  not 
make  it  through  firewalls  via  the 
session  border  controller,  and 
devices  to  gather  it  had  to  be  set 
up  outside  the  main  corporate 
firewall,  H 


Sonic  expands  its  S0A  lineup 


Suite  partners 

Sonic  Software  is  making  two  additions  to  its  lineup  of 
Web  services  middleware  software  and  bundling  them 
with  its  Enterprise  Service  Bus,  Orchestration  Server  and 
XML  Server  to  create  the  Sonic  SOA  Suite. 


New  additions 

Features 

Database  Service 

includes  drivers  for  major  corporate 
databases. 

Supports  queries,  updates,  stored 
procedures  and  polling. 

Converts  XML  message  to  database  calls 
and  database  results  to  XML  message.  J 

Collaboration  Server 

Supports  ebXML,  RosettaNet  and  Web 
services  protocols. 

Policy-based  management  of  partner  access. 

SOURCE:  SONIC  SOFTWARE 

Supports  digital  signatures,  non-repudiation 
and  message  encryption. 

■  BY  JOHN  FONTANA 

Web  services  infrastructure  ven¬ 
dor  Sonic  Software  this  week  will 
introduce  its  SOA  Suite,  which 
includes  tools  designed  to  make 
it  easier  for  corporations  to  inte¬ 
grate  current  databases  with  Web 
services  and  to  share  resources 
with  partners. 

The  company  is  launching 
Collaboration  Server  6.1,  which 
lets  users  extend  Sonic  Enterprise 
Service  Bus  (ESB),  a  Web  ser- 
vices-based  middleware  integra¬ 
tion  engine,  to  integrate  with  part¬ 
ners’  networks.  Database  Service, 
an  addition  to  ESB  that  lets  the 
middleware  talk  directly  to  data¬ 
base  engines,  is  also  new. 

The  two  new  pieces  are  being 
bundled  with  ESB  and  Sonic’s 
Orchestration  and  XML  servers  to 
create  SOA  Suite  6.1,  formerly 
called  Sonic  Business  Integration 
Suite. 

The  intent  is  to  supply  corpo¬ 
rate  users  with  a  backbone  for  a 
service-oriented  architecture 
(SOA)  that  stretches  throughout 
an  organization  and  across  net¬ 
work  boundaries.  Sonic’s  focus  is 
on  tying  computing  resources, 
such  as  databases,  into  a  Web  ser¬ 
vices  model  that  is  fueled  by 
events  on  the  network,  such  as  a 
transaction,  with  the  ESB  integra¬ 
tion  platform  as  the  common 
layer  for  executing  those  events. 

“Sonic  is  adding  lots  of  usability 
improvements,  database  improve¬ 
ments,  and  a  common  services 
invocation  layer]’  says  Shawn 
Willett,  principal  analyst  with 
Current  Analysis.“Feople  do  have 
a  lot  of  services  now  and  they  are 
thinking  about  some  of  the  limi¬ 
tations  of  SOAs.”Willett  says  those 


limitations  center  on  immature 
standards  for  features  such  as 
guaranteed  messaging  and  secu¬ 
rity  and  also  building  support  for 
events  and  transactions.“With  the 
database,  it  is  not  event-driven,  it  is 
query-driven.  How  do  you  deal 
with  that  to  create  an  event?  How 
do  you  put  in  an  event  layer, 
transactional  layer?”Willett  asks. 

Sonic  is  answering  the  database 
question  with  its  Database 
Service,  which  supports  connec¬ 
tion  to  Oracle,  SQL  Server,  Sybase, 
Informix  and  DB2  databases. 

Sonic  is  using  drivers  it  ac¬ 
quired  when  its  parent  company 
Progress  Software,  bought  Data- 
Direct  Technologies  last  year.  The 
drivers  support  extraction  of 
metadata  and  schema  from  the 
database. 

“The  service  can  become  an 
event  generator  that  can  monitor 


state  in  a  database  and  generate 
events  based  on  what  occurs,” 
says  Gordon  Van  Huizen,  CTO  of 
Sonic. 

The  Collaboration  Server  sup¬ 
ports  both  business-tobusiness 
and  Web  services  protocols, 
which  includes  RosettaNet  and 
ebXML,  and  file  transfer  or  mail- 
based  interfaces.  The  server  also 
lets  corporations  separate  partner 
business  processes  from  internal 
business  processes. 

Sonic  ESB,  which  competes 
with  products  from  Cape  Clear, 
Fiorano  Software,  IBM,  Iona,  See- 
Beyond  Technology  WebMethods 
and  others,  runs  on  Windows,  HP- 
UX,  IBM  AIX,  Red  Hat  Linux  and 
Sun  Solaris.  The  SOA  Suite  costs 
$35,000  per  CPU.  The  Database 
Service  costs  $15,000  per  CPU, 
and  the  Collaboration  Server 
costs  $35,000  per  CPU.  ■ 
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Juniper 

continued  from  page  1 

small  geographic  area  (a  single  floor,  for 
example).  At  the  same  time, with  its  option¬ 
al  asymmetric  DSL  port,  the  NetScreen-5GT 
Wireless  can  act  as  a  complete  SMB  secure 
access  product,  offering  Internet  connec¬ 
tivity,  guest,  employee,  and  wireless  and 
wired  access  in  the  DMZ,  and  fly-by  virus 
scanning. 

The  NetScreen-5GT  Wireless  offers  basic 
radio  capabilities:  It  has  one  802.1  lb/g 
radio  with  a  few  antenna  options  (includ¬ 
ing  high-gain  directional  and  omni-direc¬ 
tional).  But  its  impressive  security  capabili¬ 
ties  make  the  Juniper  box  stand  out. 

The  NetScreen-5GT  Wireless  lets  you  cre¬ 
ate  up  to  four  different  WLANs,  each  identi¬ 
fied  by  its  own  Sendee  Set  Identifier 
(SSID).  A  critical  part  of  any  multi-SSID 
access  point  is  that  it  have  unique  Ethernet 


Company:  Juniper  Networks, 
www.juniper.net  Cost:  From  $770  to 
$2,125  depending  on  options, 
hardware  configuration  and  software. 
Pros:  Excellent  integration  of 
wireless  security  features  and 
firewall  security  policy;  strong  ability 
to  have  multiple,  differently  secure 
wireless  networks;  supports  all 
relevant  authentication  and  VPN 
types.  Cons:  No  802.11a  radio;  some 
lack  of  configuration  flexibility. 


addresses  for  each  SSID  —  called  basic 
SSIDs  (BSSID).This  feature  —  also  support¬ 
ed  by  more  established  wireless  gear  ven¬ 
dors  such  as  Aruba  Wireless  Networks  and 
Airespace  (recently  acquired  by  Cisco)  — 
requires  significant  hardware  support. 
Without  it,  multiple  SSID  systems  have  poor 
interoperability  with  many  wireless- 
enabled  laptops.  The  NetScreen-5GT  Wire¬ 
less  supports  up  to  four  BSSIDs,  one  for 
each  WLAN.  We  had  no  interoperability 
problems  with  drivers  on  Windows  or 
Macintosh  clients  tested. 

Each  WLAN  also  can  have  different 
authentication  and  encryption  parame¬ 
ters, and  these  are  fully  under  the  control  of 
the  IT  manager.  In  our  testing,  we  tried 
everything  from  simple  Wired  Equivalent 
Privacy  authentication  to  the  most  secure 
802.  IX  authentication  using  802.1  li  (often 
called  WPAv2).  Every  method  we  tried, 
including  Protected  Extensible  Authenti¬ 
cation  Protocol  (PEAP),  Tunneled  Trans¬ 
port  Layer  Security  and  TLS  authentication, 
worked  the  first  time.  This  level  of  interop¬ 
erability  was  positively  eerie,  based  on  past 
testing  experience. 

The  NetScreen-5GT  Wireless  also  can  be 
set  to  require  a  Web-based  authentication. 
When  this  feature  is  enabled,  users  who 
want  to  get  on  the  corporate,  protected  net¬ 
work  first  have  to  use  a  Web  browser  to 
connect  to  the  NetScreen-5GT,and  provide 


a  username  and  password.  We  tested  this 
feature  by  having  the  NetScreen-5GT  Wire¬ 
less  check  the  username  and  password 
against  our  corporate  RADIUS  server  (see 
How  we  did  it  at  www.nwfusion.com, 
DocFmder:6140). 

Although  the  Web  pages  that  Juniper  has 
built  in  for  Web-based  authentication  will 
not  win  any  beauty  contests,  the  function¬ 
ality  this  feature  needs  —  a  place  to  put  in 
a  username  and  password  —  was  all  there. 

The  ability  to  put  each  of  these  WLANs 
into  a  different  security  zone  rounded  out 
the  wireless  capabilities.  In  NetScreen- 
speak,  security  zones  are  the  barriers  be¬ 
tween  different  parts  of  a  network,  and  you 
can  define  security  policy  between  any 
two  zones.This  means  that  each  of  the  four 
WLANs  can  have  a  different  SSID,  can  be 
authenticated  and  secured  differently  and 
can  have  a  different  security  policy  That’s 
great  flexibility  for  the  network  manager. 

The  NetScreen-5GT  Wireless  will  not  chal¬ 
lenge  enterprise-level  wireless  access  point 
or  switch  products.  Although  the  WLAN 
features  are  outstanding,  Juniper  placed 
some  constraints  on  its  use  by  not  support¬ 
ing  all  combinations  of  bridged  and  routed 
configurations.  While  most  configurations 
from  using  different  subnets  or  network 
address  translation  (NAT)  are  supported, 
the  NetScreen-5GT  Wireless  wouldn’t  work 
well  in  an  environment  where  you  expect¬ 
ed  people  to  roam  between  access  points. 

Also,  while  the  NetScreen-5GT  Wireless 
has  full  IPSec  and  Layer  2  Tunneling 
Protocol  VPN  features,  it’s  missing  some 
high-end  WLAN  device  features, such  as  vir¬ 
tual  LAN  support. 

The  NetScreen-5GT  Wireless  has  its  share 
of  rough  edges.  The  initial  setup  wizard  is 
certainly  not  easy  to  use. 

In  addition,  GUI  designers  seem  unfamil¬ 
iar  with  wireless  terms,  which  makes  set¬ 
ting  up  some  parameters  —  such  as  estab¬ 
lishing  wireless  authentication  methods  — 
more  confusing  than  necessary 

For  IT  shops  that  don’t  see  a  need  for  mul¬ 
tiple  WLANs,  the  NetScreen-5GT  Wireless 
can  be  expensive  overkill.  When  fully 
tricked  out  with  anti-virus,  intrusion-preven¬ 
tion  features,  four  WLANs  and  three  wired 
security  zones,  it  lists  for  more  than  $2,000. 

Having  that  much  control  adds  significant¬ 
ly  to  the  bottom-line  cost  because  the  starter 
NetScreen-5GT  Wireless  with  two  wireless 
and  wired  interfaces  starts  at  $770.  If  adding 
a  single  access  point  to  a  wired  network  is 
all  you  want,  a  $50  wireless  802. 1 1  b/g  access 
point  would  be  a  better  addition. 

In  larger  offices  or  environments  where 


secure,  controlled  wireless  is  important,  the 
NetScreen-5GT  Wireless  brings  a  wealth  of 
features.  It  builds  on  the  powerful  core  of 
features  in  all  NetScreen  firewalls,  including 
in-line  anti-virus  and  intrusion  prevention, 
flexible  VPN,  firewall  policy  and  NAT  fea¬ 
tures,  along  with  an  easy-to-use  manage¬ 


ment.  The  NetScreen-5GT  Wireless  offers  a 
lot  of  security  power  in  an  elegant  package. 

Snyder  is  a  senior  partner  at  Opus  One  in 
Tucson,  Ariz.,  specializing  in  information 
security  and  messaging  applications.  He  can 
be  reached  at  joel.snyder@opusl .com. 
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Stalemate 

continued  from  page  1 

for  the  Advancement  of  Struc¬ 
tured  Standards  (OASIS)  and  was 
the  focus  of  an  interoperability 
test  among  13  vendors  at  last 
months  RSA  Conference. 

Microsoft,  along  with  its  partner 
IBM,  created  a  similar  specifica¬ 
tion  called  WS-Federation  and 
plans  to  support  it  this  fall  when  it 
ships  Active  Directory  Federation 
Services  (ADFS),  which  lets  an 
identity  credential  issued  by  one 
company  be  used  across  partner 
networks.  The  specification  has 
not  been  submitted  to  a  stan¬ 
dards  body,  but  at  the  RSA 
Conference,  Bill  Gates,  Microsoft’s 
chief  software  architect,  called 
federation  a  milestone  for  the 
company’s  security  efforts. 

Sources  close  to  the  interoper¬ 
ability  effort  between  the  two  say 
Sun  is  pressuring  Microsoft  to 
submit  WS-Federation  to  OASIS 
for  integration  with  SAML,  much 
like  the  Liberty  Alliance  aligned 
with  SAML  2.0. 

“They  are  quiet  on  the  idea  or 
don’t  want  to  do  it  in  a  healthy 
wa/says  the  source,  who  recalled 
Microsoft’s  adoption  of  Kerberos 
in  Windows  2000  and  the  key 
tweak  it  made  to  the  specification 
that  tied  it  to  Windows,  which 
caused  an  uproar  with  users  and 
Kerberos  authors  at  the  Massa¬ 
chusetts  Institute  of  Technology 
Microsoft  used  Kerberos  as  the 


foundation  for  its  first  attempt  at 
federated  identity 

Microsoft,  while  not  discussing 
details  of  its  work  with  Sun,  is 
clear  on  its  strategy 

‘As  for  Liberty  and  SAML  proto¬ 
col  support,  we  have  no  current 
plans  to  support  those,”  says  Mi¬ 
chael  Stephenson,  Microsoft’s 
group  product  manager  for  Win¬ 
dows  Server.  Microsoft  supports 
the  SAML  security  token  format 
along  with  Kerberos  for  use  with 
WS-Federation,  but  not  the  SAML 
protocol  that  manages  the  token 
exchange.  “We  remain  optimistic 
that  these  protocols  could  come 
together  with  what  we  are  doing 
with  WS-Star)  he  says. 

WS-*  (pronounced  WS-Star)  is  a 
collection  of  protocols  for  provid¬ 
ing  security  and  other  services  in 
a  Web  services  environment,  in¬ 
cluding  WS-Security,  an  OASIS 
standard  developed  by  Microsoft 
and  IBM  that  ironically  integrates 
with  both  Liberty  and  SAML. 

“I  don’t  think  Microsoft  and  IBM 
and  maybe  the  WS-Star  frame¬ 
work  gets  credit  where  it’s  due,” 
says  Jamie  Lewis,  president  of 
Burton  Group.  “What  they  have 
said  is  we  need  a  token-indepen- 
dent  exchange  infrastructure.That 
makes  as  much  intuitive  sense  as 
federation  itself.  Does  anybody 
think  we’ve  seen  the  last  token  for¬ 
mat?  That  is  a  point  Liberty  and 
SAML  need  to  acknowledge.” 

Those  specifications  tightly  tie 
the  protocol  to  the  token  format. 


Talkin'  about  evolution 

Burton  Group  predicts  that  identity  federation  will  evolve  in  three  waves  over  the  coming 
years  that  will  increase  the  complexity  of  the  technology  and  its  value  to  companies. 
Here  is  a  look  at  the  significant  characteristics  of  each  wave. 


2005 

•  Leverage  current  business 
relationships  and  legal 
engagements. 

•  Use  in  extranets  and  Web  single 
sign-on. 

•  Features  confined  mostly  to 
authentication  assertions, 
account  linking  and  simple 
attribute  exchange  based  on 
SAML  1.x  or  Liberty  Identity 
Federation  Framework. 

SOURCE:  BURTON  GROUP 

Sun  officials  would  only  say  they 
will  continue  to  work  with  Micro¬ 
soft  to  develop  interoperability 
standards. 

But  some  users  are  miffed  that  a 
convergence  isn’t  imminent. 

“We  have  some  partners  that  are 
in  bed  with  Microsoft,  and  they 
say  they  need  to  deploy  ADFS, 
and  they  need  to  do  federation,” 
said  an  IT  architect  with  a  Fortune 
500  company  who  requested 
anonymity“But  we  use  SAML.  Our 
position  is  we  won’t  touch  the  WS- 
Star  stuff  until  it  is  in  a  standards 
body  If  we  do,  Microsoft  points  to 
us  and  says, ‘Look  at  all  these  big 
players  using  our  stuff,  why  should 


2006-2007 

•  industry-specific  federations. 

•  Limited  trust  relationships  and 
industry-specific  agreements. 

•  SAML  2.0,  WS-*  support. 

•  Privacy-related  controls 
widely  implemented  based  on 
Shibboleth  or  Liberty  Identity 
Web  Services  Framework. 


we  make  it  open?’” 

The  architect  says  eventually 
they  might  have  to  deploy  a  gate¬ 
way  to  support  both. “The  pain  is 
not  how  to  make  it  work  but  pay¬ 
ing  our  vendor  to  develop  extra 
code  so  we  can  support  WS- 
Federation.  It’s  costly  and  it  is  slow¬ 
ing  things  down,"  he  says. 

Others  complain  Microsoft,  so 
far,  is  only  re-creating  what  is 
already  available.  Its  first  support 
of  WS-Federation  will  only 
include  browser-based  single 
sign-on,  a  near  mirror  of  the  cur¬ 
rent  SAML  and  Liberty  features. 
Integration  with  WS-*  for  iden¬ 
tity  exchange  among  applica- 


Micromuse  makes  service  mgrnt  foray 


■  BY  DENISE  DUBIE 

Micromuse  plans  to  unveil  next  month  soft¬ 
ware  bundles  designed  to  help  companies 
more  quickly  relate  network  faults  to  applica¬ 
tion  performance  and  ensure  that  perfor¬ 
mance  meets  to  pre-defined  service  levels. 

The  company  best  known  for  its  Netcool 
fault  management  software,  says  it  integrated 
current  technologies,  developed  some  new 


More  online! 

Successful  network  management  means  finding  ways  to 
bridge  the  gap  between  what  the  enterprise  demands  and 
what  today’s  technology  and  best  practices  can  deliver. 
Attend  a  new  Network  World  Live  '05  Technology  Tour 
Event  that  delivers  new  tools  and  real  world  solutions, 
DocFinder  5834 


technologies  and  added  capabilities  licensed 
from  application  discovery  vendor  Collation 
to  round  out  its  two  business  service  manage¬ 
ment  offerings:  BSM  Availability  and  BSM 
Assurance.  While  Micromuse  already  deliv¬ 
ered  software  to  measure  the  impact  of  net¬ 
work  events  on  service  levels  by  correlating 
data  from  multiple  sources  with  its 
Netcool/SLA  Manager,  company  representa¬ 
tives  say  the  BSM  applications  will  incorporate 
intelligent  analysis  about  the  application  per¬ 
formance  and  the  network. 

Scott  Orr,  manager  of  enterprise  manage¬ 
ment  systems  at  Dallas  outsourcer  Affiliated 
Computer  Services,  uses  several  Micromuse 
management  applications  across  15  data  cen¬ 
ters  but  says  the  software  maker  needs  to  do 
more  work  before  he  commits  to  piloting  its 
BSM  products. 

“BSM  requires  a  product  to  integrate  perfor¬ 
mance  alerts  and  indicators  from  multiple  sys¬ 
tems  to  bring  that  all  together  in  one  view)  Orr 
says.  “Netcool  does  that  now  with  network 
events  and  provides  a  single  view  of  events 
across  the  data  center,  but  the  company  needs 
to  do  more  work  on  integrating  performance 
with  fault  management." 


Management  software  makers,  such  as  BMC, 
Computer  Associates,  IBM  Tivoli  and  HRin  the 
past  18  months  have  introduced  products  that 
promise  to  correlate  how  business  services 
perform  based  on  how  well  the  network  infra¬ 
structure  responds  to  and  supports  applica¬ 
tions.  Orr  says  he  is  most  impressed  with  prod¬ 
uct  plans  from  BMC  and  CA,  but  he’s  still  wait¬ 
ing  until  commercial  offerings  mature. 

BSM  Availability  is  server  software  that  lets 
customers  discover  the  application  compo¬ 
nents  across  their  networks  and  model  ser¬ 
vices.  Upon  installation,  the  software  discovers 
applications  and  their  dependencies,  and 
automatically  populates  a  service  mode! 
based  on  the  application  infrastructure.  BSM 
Assurance  takes  it  a  step  further  by  distribut¬ 
ing  agents  to  managed  devices  to  let  more 
automated  analytics  and  actions  be  taken  if  a 
network  fault  causes  a  service  disruption. 

The  company  says  the  Availability  product 
will  let  customers  get  started  with  BSM  by 
identifying  their  application  infrastructures 
and  defining  services,  and  then  adopt  As¬ 
surance  to  take  more  automated  control. 

BSM  Availability  pricing  starts  at  about 
$100,000;  BSM  Assurance  starts  at  twice  that.B 


2008  and  beyond 

•  Dynamic  federations  across 
industries. 

•  Standardized  trust  fabrics 
and  agreements. 

•  Identity  networks. 

•  Dynamic  interactions 
supported  by  sophisticated 
token  exchange  services, 
policy  languages,  and 
distributed  claims  or 
authorization  services. 


tions  in  a  Web  services  environ¬ 
ment  is  not  planned  yet. 

Microsoft  in  some  sense  is  being 
pushed  onto  an  island  by  the 
industry,  including  its  WS-Fed- 
eration  co-author  IBM,  which 
plans  to  support  Liberty,  SAML 
and  WS-Federation  in  a  forthcom¬ 
ing  version  of  its  Tivoli  Federated 
Identity  Manager,  according  to 
Venkat  Raghavan,  manager  of  sec¬ 
urity  products  of  IBM  Tivoli.  RSA 
Security  and  VeriSign,  which  also 
helped  co-author  WS-Federation, 
support  Liberty  and  SAML  And 
other  identity  stalwarts  such  as 
Sun,  Oblix  and  Computer  Associ- 
ates/Netegrity  plan  to  support  all 
three.  Start-up  Ping  Identity’s  open 
source  project,  SourcelD,  already 
supports  the  trio. 

Even  pure  Web  services  vendors 
are  hedging  their  bets.  DataFbwer, 
developer  of  hardware  to  secure 
and  accelerate  XML  traffic,  last 
week  joined  the  Liberty  Alliance. 

“With  technologies  like  Liberty 
and  SAML,  we  can  now  be  a  high- 
performance,  high-security  en¬ 
forcement  point  for  access  con¬ 
trol,”  says  Eugene  Kuznetsov, 
founder  and  CTO  of  DataPbwer. 
He  says  Microsoft  eventually  will 
have  to  support  SAML  because  it 
is  not  going  to  send  its  customers 
away  to  buy  a  server  from  anoth¬ 
er  vendor.  “Microsoft  has  opened 
the  door  a  crack  by  saying  the 
SAML  token  is  legit,”  he  says. 

Despite  the  rift,  users  and  analysts 
agree  convergence  is  inevitable. 

“It’s  not  like  one  side  is  good  and 
the  other  is  bad,”  says  Dan  Blum, 
an  analyst  at  Burton  Group.  “We 
advise  customers  to  focus  on 
SAML  and  Liberty  and  migrate  to 
SAML  2.0  and  look  to  WS-Star  for 
the  Web  services  stuff.  And  we 
urge  Microsoft  and  IBM  to  put 
their  specifications  into  an  open 
standards  body’  ■ 


U4EA  Technologies  pits  its  QoS 
software  up  against  Cisco 

Company's  Guarantee  of  Service  software  delivers  predictable  latency  control 
while  latency  of  rival's  LLQ  solution  varies  markedly  under  load 

Expand  Accelerator  breezes  past  competitors  in 
traffic  management/WAN  link  compression  tests 

Accelerator  4820  delivers  nearly  13  times  the  effective  WAN  link  capacity 
when  compared  to  file  transfer  without  compression 

Force  10  Networks  TeraScale  El  200  switch/router 
pushes  the  throughput  threshold  beyond  terabit 
ceiling  in  performance  tests 

Delivers  more  than  1  Terabyte  of  bidirectional  throughput  and  is  first 
switch/router  tested  by  The  Tolly  Group  to  scale  to  672  GbE  ports 

Tests  reveal  advanced  services,  resiliency  of  Force  10 
Networks  TeraScale  E-Series  El 200  switch/router 

El  200  achieves  100%  of  line-rate  zero-loss  throughput  when  tested  across 
672  Gigabit  Ethernet  ports, diplays  resiliency  and  ability  to  repel  DoS  attacks 


Extreme  bolsters  ExtremeWare  XOS 
to  address  convergence  requirements 

Tests  reveal  extensive  improvments  in  the  areas  of  OS 
modularity,  switch  resiliency,  security,  and  flexibility 
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U4EA  Technologies  pits  its  QoS 
software  up  against  Cisco 


•  Provides  predictable  latency  control  while  latency  of  Cisco  LLQ  solution  varies  markedly  under  load 

•  Guarantees  quality  for  multiple  converged  applications 

•  Assures  network  scalability  without  over-provisioning 

•  Delivers  100%  link  utilization,  while  preserving  quality  traffic  -  LLQ  fails  to  fill  the  link 

•  Ensures  robustness  and  prevents  starvation  in  bursty  networks,  avoiding  VoIP  call  break-up 


U4EA  Technologies  commissioned  The  Tolly  Group  to  evaluate  its 
Guarantee  of  Service  (GoS)  2.0,  an  embeddable  software  suite 
that  is  used  to  manage  network  congestion  in  a  controlled  and 
predictable  way.  GoS  incorporates  patented  queuing,  rate-limiting 
and  traffic-shaping  mechanisms. 

Tolly  Group  engineers  examined  the  Quality  of  Service  capabilities 
offered  by  GoS  2.0  versus  Low  Latency  Queuing  (LLQ),  a  QoS 
technique  developed  by  Cisco  Systems,  Inc.  to  specify  low 
latency  behavior  for  a  specific  traffic  class,  such  as  real-time 
voice.  GoS  2.0  allows  network  managers  to  define  nine  distinct 
traffic  classes  (plus  Best  Effort)  using  a  3x3  matrix  assigning 
different  degrees  of  latency  and  loss.  Cisco  provides  for  a  special 
low  latency  queue,  plus  the  definition  of  traffic  assigned  to 
several  "Fair  Queues"  (plus  Best  Effort). 

Tolly  Group  engineers  subjected  both  technologies  to  a  trio  of 
increasingly  complex  QoS  tests: 

•  Basic  scenario:  This  test  measured  the  delay  of  the  highest 
priority  traffic  in  both  uncongested  and  congested  scenarios. 

•  Differentiation  scenario:  Here  engineers  measured  the  delay 
associated  with  streams  of  different  quality  in  a  congested 
network. 


•  Simulated  VoIP  scenario:  Testers  analyzed  the  delay  and 
amount  of  packets  received  from  25  VoIP  calls  and  one  Best 
Effort  congesting  stream. 

In  each  scenario,  GoS  delivered  predictable,  uniform  low  latency, 
as  opposed  to  Cisco's  LLQ,  which  offered  consistently  higher 
latency  than  GoS  and  less  control  in  multistream  tests  with 
congestion.  Tests  were  conducted  during  August  2004. 

GoS  is  based  on  the  relationship  between  three  aspects  of  any 
queuing  system:  loss,  delay  and  throughput.  The  essential  insight 
behind  GoS  is  that  these  variables  are  interdependent:  if  one  is 
fixed,  a  relationship  is  created  between  the  other  two,  and  if  two 
are  fixed,  the  third  is  determined  by  default,  given  the  current 
operational  behavior  of  the  network.  Therefore,  there  are  two 
degrees  of  freedom  that  the  user  can  control.  It  is  this  principle 
which  uniquely  makes  GoS  both  easy  to  configure  and  effective 
as  a  QoS  provisioning  tool,  able  to  guarantee  delivery  of  quality 
under  all  network  conditions. 

Learn  more  about  GoS  by  reading  the  full  Test  Summary  at: 
http://www.tolly.com/DocDetail.aspx7DocNumber”  204149 
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Average  Delay  for  Highest  Priority  Traffic 
Measured  for  GoS  and  LLQ 


Sponsor:  U4EA 1  ichnolo  ;s 

Document  number:  204149 

Product  Class:  Switch  operating  system 

Products  under  test: 

.  GoS  2.0 

•  Cisco  Sy:  ms  LLQ  (Low  Latency 
Queuing) 

Testing  window:  August  2004 

For  mo  s  lfo  on  1  is  tf  ,  visit: 
http  [v  ww.u4eatech.  om 
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Expand  Accelerator  breezes  past  rivals 
in  traffic  mgmtfWAN  compression  test 


Expand  Networks,  Inc.  commissioned  The  Tolly  Group  to 
benchmark  the  effectiveness  of  the  Expand  Accelerator  4820 
over  other  application  acceleration  solutions  from  Racketeer, 
Inc.  and  Peribit  Corp.  Expand's  Accelerator  4820  is  a  traffic 
management/compression  appliance  (pair)  rated  at  up  to  6 
Mbps  WAN  speeds. 

Engineers  measured  the  effective  "acceleration"  (compression) 
rates  achieved  by  the  Accelerator  4820  when  processing  a 
variety  of  standard  data  files.  The  Tolly  Group  also  performed 
the  same  tests  on  a  PacketShaper  2500,  a  traffic 
management/compression  appliance  (pair)  designed  for  a 
maximum  throughput  of  10  Mbps.  Engineers  also  tested  the 
Peribit  Sequence  Reducer-20,  an  application  delivery 
(compression)  appliance  designed  for  WAN  speeds  up  to  2 
Mbps. 

Engineers  subjected  all  three  devices  to  a  series  of  file  transfer 
tests  in  which  they  had  to  use  real-time  compression 
techniques  to  move  the  Canterbury  Files,  a  collection  of  large 
files,  including  the  Bible,  the  first  million  digits  of  Pi,  and  the 
complete  genome  of  the  E  coli  bacterium.  During  each  WAN 


compression  test,  10  file  transfers  were  conducted.  Tests  were 
conducted  during  September  2004. 

Tests  show  that  on  both  the  compression  and  the  time-to- 
transfer  tests,  the  Expand  Accelerator  4820  exceeded  the 
capabilities  of  the  Peribit  and  the  Packeteer  products  tested. 

In  real-time  compression  tests,  the  Expand  Accelerator  4820 
delivered  eight  times  more  effective  WAN  link  capacity  when 
compared  to  the  Peribit  Sequence  Reducer-20  and  the 
Packeteer  PacketShaper  2500  tested  during  a  second-pass  of 
real-time  compression  tests.  During  the  first  pass  of  data 
through  the  compression  engines,  the  Expand  Accelerator  4820 
led  all  devices  with  a  158%  increase  in  effective  WAN 
capacity.  What  tests  show,  however,  is  the  Expand  Accelerator 
4820  is  able  to  identify  repeat  patterns  in  data  transmitted  a 
second  time,  resulting  in  higher  compression  ratios. 

This  suggests  that  the  Expand  Accelerator  4820  would  provide 
significant  benefits  to  remote  branches,  where  employees  use 
networked  applications  repeatedly  to  access  applications 
hosted  in  the  data  center. 


•  Delivers  nearly  13  times  the  effective  WAN  link  capacity  when  compared  to  file  transfer  without 
compression 

•  Provides  nearly  8  times  more  effective  WAN  link  capacity  than  the  Peribit  and  the  Packeteer  products  tested 

•  Improves  file  transfer  times  by  up  to  five  times  over  the  Peribit  Sequence  Reducer-20  and  the  Packeteer 
PacketShaper  2500  in  a  variety  of  WAN  scenarios 


WAN  Compression  Effectiveness  -  Second  Pass 


Sponsi  Expand  Networks,  Inc. 

Document  number:  204155 

Product  Class:  Traffic  management/compression 
appliance 

Products  under  test: 

•  Expan  Acer  jrator  41  !0  v.  5.0  (3) 

•  Packe  >er  Pi  iketshaper  SW  v.  6.2.1 

•  Peribit  Sequence  Reducer  20SW  v.  version  5. 0.1. 4 

Testing  window:  September  2004 

For  more  info  on  this  test,  visit: 
htt|]^/www.tolly.com/DocDetail.aspx?Do(  Jnmber=2 
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WAN  optimization  products  tested 


Source  The  Tolly  Group,  October  2004 


Figure  1 
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ForcelO  Networks  TeraScale  El 200  switch/router  pushes  the 
throughput  threshold  beyond  terabit  ceiling  in  performance  tests 


•  Achieves  100%  of  line-rate  zero-loss  throughput  when  tested  across  672  Gigabit  Ethernet  ports,  processing  1 
biliion  64-byte  packets  per  second  (pps) 

•  Supports  100%  of  line-rate  zero-loss  throughput  when  tested  across  56  10-Gigabit  Ethernet  ports,  equating  to  over 
1  Terabits  per  second  throughput 

•  Delivers  100%  of  line-rate  zero-loss  throughput  while  handling  over  1  million  Access  Control  Lists  (ACLs)  when  tested  across  56 
10-Gigabit  Ethernet  ports 

•  Sustains  100%  of  line-rate  zero-loss  throughput  when  forwarding  IPv6  packets  at  Gigabit  Ethernet  and  10-Gigabit 
Ethernet  data  rates  in  a  variety  of  configurations 


ForcelO  Networks,  Inc.  commissioned  The  Tolly  Group  to 
measure  the  zero-loss  Gigabit  Ethernet  (GbE)  and  10-Gigabit 
Ethernet  (10-GbE)  throughput  of  the  its  TeraScale  El 200 
switch/router,  and  to  determine  the  capability  of  the  device 
to  scale  zero-loss  throughput  across  a  large  number  of  users. 

Performance  tests  conducted  in  August  2004  show  that  the 
El 200  delivers  scalable  throughput,  at  full  line  rate,  even 
when  advanced  features  such  as  access  control  lists  (ACLs) 
are  turned  on.  Moreover,  the  El 200  delivers  full  line-rate  GbE 
over  672  ports,  marking  the  first  time  The  Tolly  Group  has 
benchmarked  a  Layer  2/Layer  3  switch/router  that  scales  to 
such  heights. 

In  Layer  2  zero-loss  GbE  throughput  tests,  the  El 200 
delivered  line-rate  bidirectional  throughput  of  1.34  Tbps  and 
processed  1  billion  packets  per  second.  During  the  test, 
bidirectional  traffic  from  an  Ixia  1600T  traffic  generator 
flowed  across  14  48-port  Gigabit  Ethernet  line  cards  (672 
Gigabit  Ethernet  ports)  populated  in  the  El 200. 


In  Layer  2  zero-loss  10-GbE  throughput  tests,  the  El 200 
achieved  full-line  rate  throughput  across  56  10-Gigabit 
Ethernet  ports,  equating  to  more  than  1  Tbps  of  bidirectional 
throughput.  Engineers  measured  the  bidirectional  zero-loss  10- 
Gigabit  Ethernet  throughput  across  14  four-port  10-GbE  line 
cards. 

During  both  tests,  the  El 200  delivered  zero-loss  line-rate 
throughput  while  processing  more  than  one  million  ACLs. 

Further  testing  demonstrated  zero  packet  loss  hitless  failover 
of  key  system  components  such  as  the  Route  Processor 
Modules  (RPM)  and  Switch  Fabric  Modules  (SFM). 

The  ForcelO  El 200  has  many  of  the  resiliency  features  and 
performance  characteristics  that  make  it  an  ideal  core  or 
aggregation  switch/router  in  a  large-scale  enterprise,  data 
center  or  service  provider  network. 


Layer  3  Gigabit  Ethernet  Line  Card  Throughput 

Across  48  Ports  in  a  Full-Mesh  Configuration 
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Sponsor:  ForcelO  Networks 
Document  number:  204147 
Product  Class:  High-performance  switch/router 
Products  under  1  st: 

•  TeraScale  El 200  Resilient  Switch/R  uter  ers  n 
4.4.2.107  (Ve  >ion  6.1.1  .C  low  shipping) 

Testing  window:  August  2004 

For  more  info  on  this  test,  visit: 
http://www.force10networks.com/products 


Special  Advertising  Section 

Tests  reveal  high  performance;  resiliency  of  ForcelO 
Networks  TeraScale  El  200  switch/router 


ForcelO  Networks,  Inc.  commissioned  The  Tolly  Group  to 
evaluate  its  TeraScale  El 200  switch/router,  a  chassis-based 
system  with  14  line-card  slots,  plus  built-in  redundancy  and 
resiliency  features.  Tests  were  conducted  in  August  2004. 

The  tests  demonstrate  that  the  El 200  delivers  high 
performance,  zero  loss  throughput  and  advanced  resiliency 
during  a  component  failure  or  Denial  of  Service  attack.  They 
also  confirm  that  the  system  delivers  QoS  capabilities  to  serve 
large-scale  enterprise  and  service  provider  networks. 

Further  tests  verify  that  the  El 200  delivers  line-rate  zero-loss 
throughput  with  a  SFM  or  RPM  failover.  These  redundancy 
mechanisms  guarantee  that  the  TeraScale  El 200  can  handle 
the  failover  load,  enabling  large-scale  enterprise/service 
provider  network  managers  to  provide  fail-safe  service.  Such 
tests  provide  a  baseline  of  redundancy  capability  so  that 
in-service  healing  of  a  'sick'  device  can  be  performed  with 
confidence  that  the  remaining  infrastructure  will  cope  with  the 
surge  of  failover  load. 


Likewise,  link  failover  tests  confirm  that  when  network  links 
fail,  the  El  200  line  cards  achieve  rapid  failover  to  alternate 
paths,  often  times  in  a  fraction  of  the  time  required  to  revive 
SONET/SDH  links. 

The  tests  also  confirmed  that  the  El 200  could  withstand 
multiple  Denial  of  Service  attacks  without  impacting  Layer  2  or 
Layer  3  traffic. 

Beyond  non-stop  networking,  tests  also  verify  that  the  El 200 
provides  the  quality  of  service  features  to  support  large-scale 
voice,  video  and  data  activity. 

Architects  of  large-scale  enterprise  and  service  provider 
networks  realize  that  scalability,  reliability,  line-rate 
performance,  and  full  Layer  2  switching  and  Layer  3  routing 
functionality  are  essential  for  today's  most  demanding  network 
applications.  This  report  offers  proof  that  the  El 200  delivers 
the  type  of  non-stop  networking,  advanced  QoS  and  scalability 
capabilities  required  to  support  these  networks. 


•  Achieves  100%  of  line-rate  zero-loss  throughput  when  tested  across  672  Gigabit  Ethernet  ports 

•  Supports  100%  of  line-rate  zero-loss  throughput  when  tested  across  56  10-Gigabit  Ethernet  ports  during  a  switch 
fabric  module  failover,  while  passing  over  1  Terabits  per  second  of  traffic 

•  Achieves  100%  of  line-rate,  zero-loss  throughput  while  processing  1  billion  64-byte  packets  per  second 

•  Recovers  from  link  outages  in  less  than  2  milliseconds  with  a  single  Layer  2  flow,  and  less  than  1  millisecond  with 
16  million  Layer  3  flows,  both  well  below  the  failover  time  usually  reserved  for  SONET/SDH  links 

•  Maintains  all  BGR  OSPF  and  Telnet  sessions  even  when  hammered  by  a  multi-headed  Denial  of  Service  attack 


Sponsor:  ForcelO  Networks  ^1 
Document  number:  204148 
Product  Class:  High  performance  switch/router 
Products  under  t 

•  TeraScale  El 200  Resilient  Swit  h/Router  Version 
4.4.2,107  (Version  6. 1.1.0  now  shipping) 

Testing  window:  August  2004 

For  more  info  on  this  est,  visit: 
ttp://www.force10networks.com/products 


56-Ports  10-Gigabit  Ethernet  Bidirectional  Test 
(Switch  Fabric  Module  Failover) 

As  Reported  by  IxExplorer 
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Packet  size 
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PESQ  Scores  (-1-4.5) 


Broadband  VoIP  Service: 

PESQ  Voice  Quality  vs.  Packet  Drop  Rate 

Test  Using  Simulated  1  Mbps  SDSL  Line 

(Higher  scores  are  better) 
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Benchmarks 


Every  time  your  IT  organization  embraces  a  new  technology,  the 
same  cycle  kicks  into  gear  -  you  dedicate  resources,  and  time,  to 
investigate  the  latest  promising  product  or  technology. 

Yet,  if  you're  like  so  many  of  your  peers,  you're  pressed  for  time,  your 
resources  are  spread  all  too  thin  and  upper  management  wants 
answers  now. 

You  need  ITclarity™  reports  from  The  Tolly  Group.  The  Tolly  Group  is 
the  industry's  most  respected  independent  testing  and 
consulting  firm. 

Our  ITclarity  research  reports  are  hands-on,  highly  focused 
assessments  of  new  technology.  They  deliver  the  answers  you 
need  about  a  new  technology  so  you  don't  have  to  spend  the  dollars 
or  dedicate  the  manpower  to  a  technology  incubator. 

What's  more,  ITclarity  reports  cost  less  than  you'd  spend  having  a 
single  engineer  burn  through  a  few  hours  just  getting  familiar  with 
the  technology. 

Browse  through  our  ITclarity  reports  on  Voice  over  IP  We'll  be 
posting  reports  regarding  VoIP  services  from  AT&T  Verizon, 
Vonage,  Skype  net2phone  and  more!  We  conduct  technology 
assessment  testing  everyday,  so  we  know  what  data  points  you 
need  to  make  intelligent  decisions. 

Check  out  ITclarity  and  learn  how  reliance  on  The  Tolly  Group's 
hands-on  testing  data  can  kick-start  your  technology  deployment 
and  save  you  considerable  time  and  money. 

Visit  ITclarity  on  the  Web  at  http://www.tollyresearch.com  or  call 
(561)  391-5610  ext  100  for  more  info. 


Special  Advertising  Section 

Extreme  Networks  bolsters  ExtremeWare 
XOS  to  address  convergence  requirements 


Convergence  is  forcing  major  equipment  suppliers,  such  as 
network  switch  makers,  to  take  a  long,  hard  look  at  their 
monolithic  operating  systems  and  retool  them  to  meet  the  needs 
of  converged  networks. 

Extreme  Networks,  Inc.  commissioned  The  Tolly  Group  to  audit 
a  series  of  network  tests  at  the  company's  Santa  Clara,  Calif, 
headquarters  in  December  2004  to  demonstrate  that  it  has 
made  significant  strides  with  its  ExtremeWare  XOS™  to  address 
the  unique  needs  of  convergence  in  the  enterprise.  ExtremeWare 
XOS  has  been  shipping  on  the  vendor’s  BlackDiamond  10K 
series  switches  since  December  2003  and  now  is  available  on 
Extreme's  newest  platform,  the  Aspen  8800  series  switch  line. 

Tests  focused  on  a  number  of  functions  critical  to  support 
converged  networks:  OS  modularity,  switch  resiliency,  security, 
and  flexibility. 

In  every  instance,  ExtremeWare  XOS  demonstrated  significant 
design  advances  that  mirror  some  of  the  capabilities  offered  on 
a  carrier  network  level.  Tests  illustrate  that  Extreme  has 
architected  its  next-generation  OS  with  a  high  degree  of 
modularity,  which  allows  its  products  to  avoid  downtime  at  all 
costs,  embedded  new  levels  of  security  intelligence  to  enable  its 
switches  to  be  proactive  in  dealing  with  security  threats,  and 


provided  resiliency  features  to  enable  switches  to  keep 

operating  even  when  changes  or  additions  are  being  made  to 

the  core  OS.  Some  of  the  reports  chief  findings: 

•  ExtremeWare  XOS  has  the  intelligence  to  restart  a  process  on 
the  fly  when  a  process  halts  or  crashes.  Older  switch  OSs 
tend  to  hang  or  crash  the  entire  system  when  a  single 
process  fails. 

•  ExtremeWare  XOS  employs  a  new  virtual  switch  domain 
concept  that  enables  network  managers  to  partition  a  single 
switch  into  many  virtual  switches. 

•  ExtremeWare  XOS  blends  traffic  monitoring,  data  analysis 
and  policy  responses  to  identify  and  thwart  DoS  attacks 
before  they  fully  saturate  the  network. 

•  Even  during  a  simulated  failure  of  a  software  process,  the 
BlackDiamond  10K  and  the  Aspen  8810  switches  tested 
hummed  along  without  even  the  slightest  hiccup.  Software 
components  can  be  swapped  into  the  live  switch  without 
taking  down  the  device. 

View  the  full  white  paper  at: 

http:j/www.tolly.com/DocDetail.aspx?Docl\lumber= 205100 


•  Enables  nonstop  networking  to  users  in  the  event  of  an  upgrade,  outage,  or  DoS  attack 

•  Supports  dynamic  loading  and  unloading  of  software  components  without  impacting  active  network  services.  Software 
components  can  be  swapped  into  the  live  network  without  taking  down  the  switch  device. 

•  Blends  traffic  monitoring,  data  analysis  and  policy  responses  to  identify  and  thwart  DoS  attacks  before  they  fully  satu¬ 
rate  the  network 

•  Monitors  per-flow  traffic  types  constantly  using  CLEAR-Flow  and  dynamically  invokes  user-definable  policy  responses 
when  certain  conditions  exist 

•  Adds  virtual  switch  domains  that  enable  managers  to  create  eight  logical  switches  per  one  physical  switch.  Virtual 
switch  domains  provide  separation  of  the  route  table  and  route  processes  to  enable  overlapping  IPs  and  enhance  security. 


Sponsor:  E  le  Networks 

Document  number:  205100 

Product  Class:  Switch  operating  system 

Products  under  test: 

•  ExtremeWare  XOS  Version  11.1.1.7  running  on  a  BlackDiamond  10808  and  an  Aspen  8810 


Testi  g  ndow.  December  2004 

For  more  info  on  this  test,  visit:  http:/|www  sxtremenetworks.com 
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NetworkWorld 

TECHNOLOGY  TOUR  AND  EXPO 


THIS  EVENT  IS  COMING  TO  A  CITY  NEAR  YOU 


DENVER,  CO  |  March  22,  2005  CHICAGO,  IL  I  March  24,  2005 
NEW  YORK,  NY  I  March  29,  2005  BOSTON,  MA  I  March  31,  2005 


COMPLIMENTARY  EVENT  FOR 
PROFESSIONALS  ONLY 

SOLUTIONS  &  STRATEGIES  IN  7  KEY 
MANAGEMENT  TECHNOLOGIES 

►  Applications 

►  Security 

►  Business  Services 

►  Performance 

►  Configuration  and  Patch 

►  Service  Level 

►  Web  Services 


WHO  WILL  BE  THERE? 


Network 

Management/ 

IT  Automation 

and  the  Agile  Enterprise:  Tools  to  Bridge  the  Gap 


hat  ultimately  makes  an  agile  enterprise  agile?  The  sudden  realization 
there's  a  dangerous  gap  between  what  the  enterprise  expects  and  the 
management  tools  you  need  when  a  new  opportunity  looms.  Or 
growth  is  rapid.  Or  a  crisis  strikes. 


Will  you  be  ready?  Attend  Network  Management/IT  Automation  and 
the  Agile  Enterprise:  Tools  to  Bridge  the  Cap,  a  new  Network  World  Technology 
Tour  Event  and  Expo.  Get  a  roadmap  for  the  12  months  ahead.  Hear  advice  from 
expert  colleagues.  Learn  about  the  latest  tools,  technologies,  and  best  practices  for 
successful  network  management.  Qualify  to  attend  and  you'll  gain  a  years  worth 
of  responsive,  reality-based  solutions  with  practical  know-how  all  in  one  day.  Register 
now.  While  this  event  is  free  to  professionals,  space  is  limited. 


Register  now  at  www.nwfusion.com/NMW5A2 
or  call  800-643-4668 

Advance  reservation  by  qualified  professionals  is  required  for  complimentary  attendance 


PRESENTING  SPONSORS 


►  Jim  Metzler,  President,  Ashton,  Metzler 
and  Associates,  Network  Consultants, 

►  Senior  IT  executives  and  C-level 
directors  with  responsibilities  in 
operations,  infrastructure,  applications 
and  security 

•  CTOs  ,  CIOs,  CSOs 

•  VPs  of  IT 

•  VPs  of  Networking 

•  Directors  of  Operations 

•  Network  Architects 

•  Network  IT  Managers 

►  Leading  solution  partners 


This  event  is  limited  to  Network  and  IT  professionals 
involved  in  the  evaluation,  purchase  and  implementation 
of  network  management  products  and  services.  Network 
World  Events  reserves  the  right  to  determine  total 
audience  and  profile  of  complimentary  attendees. 

Paid  registration  is  also  available. 
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Vendors  target  IP  video  hurdles 


1 3Com  laid  off  220  employees  — 
about  11%  of  its  workforce  —  last 
month,  the  company  said  in  a  recent 
filing  with  the  Securities  and  Exchange 
Commission.  According  to  documents 
filed  Feb.  25,  the  layoffs  occurred 
between  Feb.  18  and  23.  One  hundred 
positions  were  eliminated  in  3Com’s 
U.S.  offices;  90  jobs  were  cut  in  Ireland, 
and  30  were  cut  in  the  U.K.  3Com  said 
the  move  was  part  realignment  of  its 
product  teams,  and  an  effort  to  cut 
costs  in  R&D  and  product  manage¬ 
ment.  The  company  said  it  will  take  a 
$15  million  charge  in  its  fiscal  fourth 
quarter  as  a  result  of  the  restructuring. 
3Com’s  fiscal  year  ends  in  May. 


■  BY  JASON  MESERVE 

February  2005  may  go  down  as  the 
beginning  of  the  end  for  the  last  technical 
hurdle  blocking  widespread  adoption  of 
corporate  IP  videoconferencing  —  the 
issue  of  firewall  and  network  address 
translation  traversal. 

With  calls  over  IP  networks  (as  opposed 
to  using  ISDN)  hitting  the  50%  mark  this 
year,  according  to  Wainhouse  Research, 
the  issue  of  firewalls  and  NATs,  which  pro¬ 
vide  private  IP  addresses  for  a  domain  but 
are  a  wrench  in  the  works  when  trying  to 
make  a  successful  IP  video  call,  is  coming 
to  a  head. The  biggest  names  in  the  video- 
conferencing  arena  —  Polycom  and 
Tandberg  —  are  among  a  handful  of  ven¬ 
dors  releasing  products  that  help  transi¬ 
tion  H.323-based  video  calls  through  a 
firewall  or  private  IP  address  (NAT)  system 


to  an  outside  party  without  having  to 
make  drastic  changes  to  security  policies. 

H.323,  the  umbrella  protocol  that  is  the 
standard  for  IP  conferencing,  is  inherently 
flawed  when  it  comes  to  dealing  with 
secured  network  perimeters  and  private 
IP  addresses,  which  are  used  in  the  major¬ 
ity  of  corporate  networks. 

The  issue  is  twofold,  signaling  and 
media,  says  Arnold  Englander,  an  associ¬ 
ate  at  Perey  Research  and  Consulting.  On 
the  signaling  side,  the  port  addresses  of 
incoming  packets  are  varied  in  the  H.323 
header  and  not  sitting  at  the  top,  where  a 
firewall  would  look  for  the  information. 

“A  firewall  looks  at  the  packet  and  asks, 
‘Is  this  coming  from  a  place  where  I  can 
receive  it?’  but  the  information  is  not 
there,”  Englander  says.  “The  real  informa¬ 
tion  is  inside  the  H.323  sub-packets.  The 
TCP/IP  wrapper  does  not  have  the  detail 


information  needed”  for  the  firewall  to 
make  the  right  decision. 

Even  if  the  signaling  issue  were  fixed, 
there  is  still  the  issue  of  passing  voice  and 
video  through.  H.323  uses  multiple,  some¬ 
what  random  ports  for  each  call.Two  calls 
might  use  completely  different  ports.  A 
firewall  might  let  outgoing  voice  and 
video  through  but  not  the  incoming  side 
of  the  call.  If  both  participants  are  behind 
a  firewall,  the  call  will  be  silent  and  black, 
Englander  says. 

For  intra-company  communications  or 
with  telecommuters  on  a  VPN,  the  firewall 
issue  usually  doesn’t  come  into  play 
because  most  of  the  traffic  stays  inside  the 
network  perimeter.  It  comes  up  with  inter¬ 
company  communications,  where  one  or 
more  firewalls  are  in  play 

The  simple  way  to  get  around  the  firewall 
See  Videoconferencing,  page  18 


■  PowerDsine  this  week  will  an¬ 
nounce  a  48-port  Power-over- 
Ethernet  midspan  product  that 
fits  into  a  single  rack-unit  slot.  The 
midspan  device  lets  users  deploy  PoE 
with  current  switch  equipment,  in¬ 
stead  of  replacing  wiring  closet  gear 
with  PoE-capable  switches.  The  prod¬ 
uct  plugs  into  ports  on  a  regular 
Ethernet  switch  and  provides  802.3af 
PoE  links  to  desktop  devices  such  as 
IP  phones,  or  wall-mounted  wireless 
LAN  access  points  or  security  cam¬ 
eras.  The  48-port  midspan  product 
starts  at  $2,000. 


■  The  Advanced  Switching  inter 
connect  Special  Interest  Group  last 


■■I*. 


week  approved  a  new  release  of  its 
ASI  specification  aimed  at  providing 
Ethernet  switch  makers  with  a  non¬ 
proprietary  technology  for  building 
backplane  architectures.  ASI  is  based 
on  the  PCI  Express  standard  for  high¬ 
speed  I/O  connectivity  for  servers  and 
PCs.  Version  1.1  includes  several  new 
features,  such  as  the  ability  to  encap¬ 
sulate  any  protocol  for  transport  over 
an  ASI-based  backplane.  ASI  SI6 
says  the  additions  in  1.1  will  make  it 
easier  for  vendors  to  build  switches 
that  transport  various  types  of  traffic 
across  a  backplane.  The  interoperabili¬ 
ty  technology  also  will  let  switches  be 
built  with  chips  and  components  from 
a  wider  variety  of  switch  component 
and  silicon  vendors,  such  as  Intel, 
PMC-Sierra  and  Freescale. 


Adtran  powers  phones,  access  points 


support  for  Power  over  Ethernet,  Gigabit  Ethernet  uplinks. 
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NetVanta  1224  STR  PoE  is  one  of  four  new  Power-over-Ethernet  switches  from 
Adtran. 


New  switches  add 

■  BY  TIM  GREENE 

Looking  to  simplify  cor¬ 
porate  Gigabit  Ethernet 
and  VoIP  installations, 

Adtran  is  rolling  out 
switches,  routers  and 
combination  switches 
with  integrated  routers  that  support  VoIP 
handsets  and  wireless  access  points  all 
offering  in-line  power  support. 

The  new  devices  —  NetVanta  1224  PoE, 
1224  R  PoE,  1224  ST  PoE  and  1224  STR  PoE 
—  feature  Power  over  Ethernet  and  sup¬ 
port  WAN  interfaces  to  route  traffic  to 
other  corporate  sites.  Two  of  the  switches 
have  Gigabit  Ethernet  ports  to  support 
connections  to  servers  or  link  switches 
together  so  they  can  be  stacked. 

The  devices  are  well  suited  to  small 
offices  or  branches  where  price  and  sim¬ 
plified  management  are  key,  says  Wayne 
Gardner,  network  solutions  division  man¬ 
ager  at  Camber  in  Huntsville,  Ala.,  which 
beta-tested  the  NetVanta  1224  STR  PbE. 

He  installed  it  in  a  new  doctor’s  office  to 
support  eight  Avaya  IP  phones  connected 
to  an  Avaya  IPOffice  403  call  server.  He 
says  the  unit’s  integrated  firewall  and  PoE 
made  it  possible  to  use  one  device  rather 
than  a  switch  and  separate  firewall. 

The  single  box  is  simpler  to  manage  via 


a  Web  GUI  that  he  says  can  be  understood 
without  instructional  documentation.  He 
says  he  has  used  Web  access  to  reset  fire¬ 
wall  parameters  to  allow  access  to  a  new 
medical  database  application. 

Price  was  also  a  factor, he  says.  While  the 
NetVanta  devices  don’t  have  as  many  fea¬ 
tures  or  the  flexibility  of  similar  switches 
by  other  vendors,  they  are  less  expensive, 
he  says.  A  24-port  Cisco  PoE  Catalyst  3550, 
which  has  no  WAN  port,  costs  between 
$2,700  and  $3,700.The  most  expensive  of 
the  new  NetVanta  switches  cost  $2,300. 

Gardner  says  he  priced  a  Cisco  switch 
and  P1X  firewall,  and  found  the  NetVanta 
switch  to  cost  40%  less. 

While  Gardner  used  the  device  in  a  sin¬ 
gle  office,  customers  looking  to  deploy 
large  numbers  of  switches  and  routers  to 
branches  offices  would  be  likely  cus¬ 
tomers  for  these  switches,  says  Daniel 
Golding,  an  analyst  at  Burton  Group. They 
are  fixed-configuration  boxes  that  can  be 
used  in  situations  where  customers 


wouldn’t  change  settings 
much  once  they  are 
installed.  “I  could  see 
them  in  a  retail  chain, 
where  you  buy  5,000  of 
them  and  roll  them  out 
to  all  locations  and  you 
never  want  to  mess  with 
them  again,”  he  says. 

Adtran  is  also  introducing  a  24-port 
Gigabit  Ethernet  switch  called  NetVanta 
1524.  It  comes  with  28  physical  ports  — 
four  of  them  fiber  —  but  only  24  can  be 
active  at  once. 

Known  for  its  low-cost  family  of  access 
routers,  Adtran  jumped  into  the  switch 
arena  about  a  year  ago  with  its  family  of 
NetVanta  1000  devices.  The  company 
competes  with  a  variety  of  players  in  the 
low  end  switch/routing  arena,  including 
3Com,  Allied  Telesyn,  Cisco  and  Netgear. 

Pricing  for  the  new  devices:  NetVanta 
1224  R  PbE,  about  $2,200;  1224  STR  PbE, 
about  $2,300;  1224  PoE,  $1,800;  1224  ST 
PoE,  $1,900.  NetVanta  1524  costs  about 
$1,400.  ■ 
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Getting  through 

Pros  and  cons  of  various  firewall/NAT  traversal  options. 


Approach 

Pros 

Cons 

Endpoint  in  DMZ 

Simplest  and  least  expensive. 

Accepted  practice  for  group  videoconferencing  systems. 

Generally  will  not  be  permissible  for  desktop 
videoconferencing. 

VPN 

Simple  with  in-place  technology. 

Security  policy  issues. 

Overloading  from  unplanned  video  bandwidth. 

H.323-aware  firewall 
(Polycom  V2IU) 

Trend  on  the  part  of  firewall  vendors  driven  by  VoIP. 

Outbound-only  call  model. 

Requires  modification  of  firewall  and  security  plan. 
Might  not  scale  for  video  if  sized  for  audio. 

Must  be  deployed  at  every  boundary  on  call  path. 

Semi-Tunnels/Transparent 
Traversal  (Tandberg 
Expressway) 

Does  not  require  deployment  at  every  boundary. 

No  modification  required  for  firewalls. 

All  traffic  is  routed  through  one  server. 

Could  create  a  bottleneck. 

Extra  hop  might  increase  latency. 

SOURCE:  PEREY  RESEARCH  AND  CONSULTING 


Videoconferencing 

continued  from  page  17 

issue  is  to  open  the  firewall  to  all  H.323  traf¬ 
fic  (not  secure)  or  put  the  videoconferenc¬ 
ing  endpoint  in  the  DMZ  and  give  it  a  pub¬ 
licly  routable  IP  address,  also  not  a  secure 
option,  particularly  when  PC-based  end¬ 
points  are  used. 

One  major  university  that  handles  a 
video  network  for  a  government  agency 
runs  into  the  issue  occasionally  and  uses  a 
variation  of  the  “open  the  firewall  for  H.323 
traffic” method.“The  solution,  for  most  sites, 
has  been  for  the  sites  to  ‘trust’  the  server 
addresses  that  deal  with  collaboration  ser¬ 
vices,  such  as  gatekeepers  and  MCUs,”says 
the  video  network’s  administrator,  who 
asked  not  to  be  named. The  problem  with 
this  method  is  that  an  attacker  could  com¬ 
promise  one  of  the  trusted  domains  and 
potentially  have  access  to  all  the  other  sites 
in  the  community 

For  those  looking  for  something  more 
secure,  there  are  a  now  a  number  of 
options. 

Tandberg’s  new  Expressway  offering  is 
based  on  technology  from  Ridgeway  Sys¬ 
tems,  which  Tandberg  acquired  last  year.  It 
is  designed  to  work  with  a  firewall  by  tun¬ 
neling  H.323  traffic  into  three  registered 
ports:  1719,2776  and  2777.The  only  poten¬ 
tial  change  needed  in  the  firewall  policy  is 
to  open  these  ports  to  traffic. 

Two  devices  are  needed,  one  on  each 
side  of  the  firewall.  The  Tandberg  Border 
controller  appliance  sits  on  the  outside  of 
the  firewall.  On  the  inside,  there  must  be  a 
Tandberg  MXP  endpoint  with  the  latest 
software  update  or  a  Gatekeeper  appliance 
that  can  be  used  to  aid  non-Tandberg  end¬ 
points  through  the  firewall,  says  Mike 
Walker,  director  of  emerging  technology  at 
Tandberg.  An  endpoint  must  register  with 
the  Border  Gateway  to  participate  in  a 
video  call. 

During  a  demonstration  of  the  Express¬ 
way  technology  Tandberg  made  video 
calls  through  Network  World’s  firewall 
using  an  endpoint  registered  to  a  Border 
Gateway  in  Tandberg’s  Reston,  Va.,  office. 
Tandberg  made  no  changes  to  the  Network 
World  firewall.  Fbrt  80  usually  blocks  H.323 
traffic. 

Visual  Nexus,  a  small  videoconferencing 
vendor  in  England,  is  shipping  a  new  ver¬ 
sion  of  its  Linux-based  Secured  Transport 
appliance  that  works  in  a  similar  fashion  to 
Tandberg’s  Expressway  but  uses  Fbrt  80  to 
pass  traffic.  Fbrt  80  is  open  in  all  but  the 
strictest  firewall  setting. 

Polycom  and  its  partner  Edgewater 
Networks  are  taking  a  different  approach 
with  V2IU,  a  new  H.323-aware  firewall  that 
works  alongside  a  company’s  firewall  or 
can  be  used  as  a  firewall  replacement  for 
smaller  offices.  The  V2IU  is  a  Fblycom- 
branded  Edgewater  EdgeMarc  appliance 
with  added  video  capability 

The  Alberta  Supernet.an  ambitious  pro¬ 
ject  that  is  rolling  out  a  Multi-protocol 
Label  Switching-based  fiber  network  to 
virtually  every  education  facility  in  the 
Canadian  province,  is  piloting  the 


Fblycom/Edgewater  technology  with  16 
groups  in  the  province,  says  John 
Percevault,  director  of  system  planning 
and  technology  services  for  the  Grand 
Yellowhead  Regional  Division,  one  of  the 
leads  on  the  pilot. 

Each  district  has  been,  or  is,  in  the 
process  of  getting  a  6.5M  bit/sec  fiber  con¬ 
nection  with  up  to  six  VPN  connections 
that  can  be  used  to  connect  all  the  educa¬ 
tional  facilities  for  the  district’s  WAN  and 
for  videoconferencing  traffic,  among  other 
things.  For  the  video  network,  an 
EdgeMarc/V2IU  appliance  is  being 
deployed  at  each  district’s  head  end  and 
acts  as  a  firewall  and  proxy  for  H.323  traffic. 

Percevault  says  the  firewall  is  needed 
because  the  districts  are  planning  to  use 
desktop-based  conferencing  endpoints, 
which  might  be  connected  to  other  sensi¬ 
tive  networks,  such  as  internal  LAN  or  net¬ 
work  management  systems.  Percevault 
also  uses  Polycom’s  PathNavigator  prod¬ 
uct  to  help  route  video  traffic  between 


■  BY  ELLEN  MESSMER 

Computer  Associates  last  week  said  it 
would  roll  out  a  series  of  software  pack¬ 
ages  designed  to  help  users  manage  cor¬ 
porate  security  environments. 

While  details  of  its  eTrust  Security  Man¬ 
agement  architecture  are  sketchy  the  com¬ 
pany  said  its  initial  server-based  products 
and  tool  kits  will  aggregate  and  track  iden¬ 
tity  and  security  assertions,  create  policies 
and  grant  authentication  on  platforms  with¬ 
out  modifying  underlying  applications.The 
products  are  expected  by  year-end. 

The  concept  of  supporting  a  way  to 
unite  diverse  identity  and  authorization 
schemes,  such  as  Security  Assertion 
Markup  Language  and  Kerberos,  figure 
prominently  in  CAs  plans,  says  Toby  Weiss, 
senior  vice  president. 

The  company  says  its  goal  is  to  give  cus¬ 
tomers  a  way  to  establish  trust  models  and 
enforce  them  across  multiplatform  appli- 


locations  inside  the  Supernet. 

None  of  the  three  new  entrants  repre¬ 
sent  a  panacea  for  videoconferencing.  A 
user  has  to  register  his  endpoint  to  a  gate¬ 
keeper  for  each  organization  with  which 
he  wants  to  communicate.  “Every  video- 
conferencing  system  that  I’ve  played  with, 
and  that’s  about  10,  the  gatekeeper' 
address  that  you  have  to  enter  is  about  six 
levels  down  in  the  menu  structure,”  says 
Andrew  Davis,  principal  analyst  at  Wain- 
house  Research. The  industry  needs  to  fix 
that  if  it  is  going  to  go  with  this  method  of 
registering  with  gatekeepers  and  border 
controllers,  he  says. 

Session  Initiation  Protocol  (SIP),  with  its 
advanced  call-handling  features,  could 
replace  H.323  in  the  videoconferencing 
world.  Polycom  and  Tandberg  have 
pledged  support  for  it  in  the  future,  and 
Microsoft  is  making  it  the  centerpiece  of  its 
communication  strategy  in  Live  Communi¬ 
cation  Server  and  in  Istanbul, the  future  ver¬ 
sion  of  Windows  Messenger. 


cations.  Weiss  says  what  happens  in  terms 
of  identity  and  authorization  in  one  part 
of  a  large  intranet  is  often  lost  across  these 
heterogeneous  systems. 

In  outlining  CAs  plans,  Weiss  says  the 
basic  problem  the  company  wants  to 
solve  is  how  to  preserve  user  identity  and 
the  specific  level  of  trust  accorded  to  it 
after  a  user  has  authenticated  at  a  Web  site 
and  gained  access  to  an  internal,  multi¬ 
vendor  network.  As  a  user  moves  from 
Web  to  mainframe  to  database  applica¬ 
tions  and  more,  it’s  hard  to  enforce  appro¬ 
priate  levels  of  authorization  or  capture  a 
comprehensive  audit  trail  associated  with 
the  user’s  movements,  Weiss  says. 

Analysts  say  CA  is  targeting  a  real  prob¬ 
lem  but  are  skeptical  on  how  easy  it  will 
be  to  solve. 

CA  is  looking  at  the  problem  of  “loss  of 
accountability,  which  happens  in  a  multi¬ 
tier  architecture  where  lots  of  applications 
are  treated  as  silos,” says  Phil  Schacter.vice 


When  it  comes  to  firewall  and  NAT  tra¬ 
versal,  SIP  suffers  the  same  fate,  but  it  does 
have  one  advantage:  “In  the  world  of  SIP 
large  service  providers  [Tier  1  carriers]  are 
doing  SIP-based  telephone  networks,  and 
when  they  choose  to  solve  the  problem  for 
customers,  it’s  for  hundreds  of  thousands  at 
a  time,"  Englander  says. 

Radvision,  which  already  offers  an  H.323 
proxy  appliance,  and  Jasomi  Networks 
have  announced  a  partnership  to  integrate 
Radvision’s  MCU  with  Jasomi’s  Beerpoint 
product  to  pass  SIP-based  traffic  through  a 
firewall  or  NAT.  The  companies  are  target¬ 
ing  corporations  and  service  providers 
with  its  offerings. 

A  new  standard  also  might  be  a  solution 
to  the  problem.  Rivals  Polycom  and 
Tandberg  have  proposed  a  standard 
called  H.ASSENT  to  the  ITU  for  connect¬ 
ing  through  a  firewall  using  a  session  bor¬ 
der  controller  on  the  outside.  Davis  says 
we’re  still  a  year  or  two  away  from  such  a 
standard  becoming  reality  ■ 


president  and  service  director  at  Burton 
Group. 

There  is  no  product  set  that  can  achieve 
multivendor  end-to-end  audit  and  ac¬ 
countability  in  the  way  CA  is  proposing, 
Schacter  says.  “This  kind  of  functionality 
typically  doesn’t  come  out  of  a  box,”  he 
says.  More  commonly,  it  would  entail  the 
burden  and  expense  of  custom  coding. 

He  voices  doubts  about  whether  CA 
can  achieve  this  without  a  lot  of  industry 
partners. 

CA  says  it  has  spent  two  years  mulling 
the  difficulty  of  audit  and  authorization  in 
a  heterogeneous  network  before  stepping 
out  publicly  to  declare  it  will  conquer  it 
through  the  eTrust  Security  Management 
Architecture.  ■ 
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Grid  alliance 
gains  members 

■  BY  JENNIFER  MEARS 

Corporate  IT  managers  in  growing  numbers  are  beginning  to 
look  at  grid  computing  —  where  resources  are  pooled  and  then 
distributed  in  response  to  application  demands  —  as  a  way  to 
increase  the  utilization  rates  of  their  data  center  hardware. 

While  grids  have  long  been  confined  to  academic  and  research 
organizations  that  need  loads  of  compute  power  for  number¬ 
crunching  applications,  the  benefits  of  grid  computing  are  starting 
to  be  applied  in  corporate  data  centers  for  running  business  appli¬ 
cations  such  as  payroll  and  supply-chain  systems. 

The  Enterprise  Grid  Alliance,  formed  by  EMC,  HE  Intel,  Oracle, 
Sun  and  others  last  year,  focuses  on  promoting  the  use  of  grid  tech¬ 
nology  in  corporations  by  addressing  business  requirements  such 
as  security  standards  and  management.  Last  week,  the  group 
announced  that  five  organizations  have  joined,  bringing  the  total 
number  of  members  to  30. 

The  newest  members  are  UK  e-Science  Core  Programme,  which 
develops  grid  infrastructure  for  intercompany  deployments;  IT  ser¬ 
vices  company  Unisys;  InfiniBand  vendor  Voltaire;  industry  analyst 
company  The  451  Group;  and  Univa,  which  was  formed  by  the  cre¬ 
ators  of  Globus  open  source  grid  software  to  distribute  and  sup¬ 
port  the  Globus  grid  tool  kit  for  businesses. 

“A  member  such  as  Univa  shows  good  synergy  between  what  the 
[alliance]  is  doing  and  what  some  of  the  other  [grid]  organiza¬ 
tions  are  doing,”  says  Peter  ffoulkes,  chairman  of  the  consortium’s 
marketing  steering  committee  and  group  manager  for  marketing 
high-performance  and  technical  computing  at  Sun.  “We’re  all 
working  in  our  own  disparate  ways  toward  a  common  goal.”  ■ 


■  Image  Fortress  this  week  is  introducing  an  archiving  ser¬ 
vice  for  files,  structured  data  and  e-mails.  Called  Digital- 
Fortress,  the  service  lets  organizations  safely  store  the  in¬ 
formation  they  need  to  keep  for  government  compliance  at 
a  remote  facility  Image  Fortress  maintains.  All  software  and 
hardware  involved  in  the  process  is  managed  by  Image 
Fortress,  and  24/7  monitoring  is  enabled.  DigitalFortress 
starts  at  $500  per  month  for  20G  bytes  of  data. 

■  Microsoft  last  week  announced  it  has  hired  Michael 
Sievert  as  its  corporate  vice  president  for  Windows  prod¬ 
uct  management.  Sievert  comes  from  AT &T  Wireless 
Services,  where  he  was  executive  vice  president  and  chief 
marketing  officer  since  2002.  Sievert  replaces  Tom  Button, 
who  has  been  on  a  leave  of  absence  for  “family  medical  rea¬ 
sons,”  Microsoft  said,  adding  that  Button  is  expected  to 
return  to  Microsoft  in  a  new  job.  Siervert's  to-do  list  will 
include  preparing  for  the  highly  anticipated  launch  of 
Longhorn,  the  next  major  release  of  Windows,  which  is 
slated  for  release  next  year. 


Lessons  from  leading  users 


Court  ditches  mainframe 
for  Windows  system 


■  BY  JOHN  FONTANA 

Debbie  Brasher  cut  the  mainframe  cord  and 
she  is  not  looking  back.The  director  of  tech¬ 
nology  for  the  Superior  Court  Stanislaus 
County  System  in  Modesto, Calif.,  has  moved  on  to 
a  Windows-based  infrastructure  and  a  set  of  Web- 
based  applications  to  host  the  court’s  case  man¬ 
agement  system,  which  is  used  to  manage  civil 
and  criminal  cases. 

The  new  computing  architecture  already  has 
drawn  the  attention  of  the  California  court  system 
and  one  day  might  be  the  standard  throughout 
the  state. 

While  Brasher  isn’t  so  brash  with  her  predictions 
on  the  impact  of  her  work,  she  knows  that  what 
she  and  her  staff  have  built  is  pulling  them  into 
the  new  millennium,  and  providing  the  means  to 
update  and  expand  what  was  a  dying  mainframe 
infrastructure. 

“Once  we  got  off  the  mainframe,  we  were  able  to 
spend  more  money  to  enhance  what  we  already 
had,”  Brasher  says.  Money  was  the  root  of  the  prob¬ 
lem,  she  says. 

“My  last  mainframe  bill  [before  migrating]  was 


$1.2  million,  which  was  $300,000  more  than  the 
previous  year”  she  says.  The  money  was  paid  to 
the  county  for  licensing,  programming  and  trans¬ 
action  time  used  on  the  county’s  mainframe.  On 
top  of  that,  the  mainframe  was  shared  among 
agencies  and  supported  5,000  users.  The  county 
also  controlled  the  programmers,  which  required 
Brasher  to  negotiate  for  their  time. 

So  Brasher  bolted  to  Windows,  replacing  the 
court’s  connection  to  a  token-ring  network,  bring¬ 
ing  nearly  20  Windows  2000  servers  in-house  and 
investing  her  cost  savings  to  hire  two  program¬ 
mers  and  an  outside  consultant  to  help  convert 
the  mainframe  application  to  Windows. 

“I  initially  reduced  my  $1.2  million  yearly  main¬ 
frame  cost  by  $500,000,”  Brasher  says. 

The  savings  also  let  her  focus  on  adding  six  new 
applications  to  automate  court  procedures,  and 
to  consolidate  the  court’s  workflow  into  one  dis¬ 
tributed  computing  environment  that  includes 
Windows  XP  clients  and  Cisco  6500,  3700  and 
2600  routers. 

Instead  of  struggling  to  maintain  the  case  man¬ 
agement  system,  which  consisted  of  785  separate 

See  Courthouse,  page  22 


Courtroom  Windows 

The  Superior  Court  Stanislaus  County  System  this  month  will  complete  its  migration 
from  an  IBM  mainframe  to  a  Windows  platform  that  will  support  applications  beyond 
the  case  management  system  already  migrated  from  the  mainframe. 
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Novell’s  Jack  Messman  might  be  one 
of  the  last  honest  businessmen, 
unafraid  to  change  his  mind  and  his 
company’s  direction, but  never  afraid  to  tell 
the  truth  when  he  discovers  it.  On  the  other 
hand,  he  simply  might  not  be  able  to 
remember  what  his  company’s  marketing 
message  was  just  a  few  years  ago.  I’m  bet¬ 
ting  on  the  latter. 

Messman  gave  the  keynote  address  to  the 
recent  Linux  World  Conference  in  Boston. 
It’s  been  suggested,  by  the  way  that  the  con¬ 
ference  was  moved  from  New  York  to 
Beantown  at  the  behest  of  Novell,  based  in 
nearby  Waltham,  and  after  Messman  and 


Novell:  Long-term  memory  problems? 


Co.  plunked  down  a  chunk  of  money  to 
ease  the  transition  from  the  Big  Apple.Then 
came  Messman’s  moment  in  the  sun  — 
addressing  a  horde  of  Linux  enthusiasts. 
These  Linux  fans  are  a  forgiving  crowd.  It 
was  just  two  years  ago  that  Messman  called 
Linux  an  immature  operating  system  be¬ 
cause  it  hadn’t  had  somebody  like  Novell 
worrying  about  making  it  robust,  reliable 
and  scalable.  Swift  moves  on  the  part  of 
Novell’s  public  relations  folks  managed  to 
salvage  some  good  will  at  that  time. 

This  time,  in  his  keynote,  Messman  said 
that  many  of  the  benefits  of  Linux  “are  due 
to  a  common  code  base  from  the  desktop 
to  the  server  to  the  data  center.  Wherever  it 
is  deployed  throughout  the  enterprise, 
Linux  offers  .  .  .  simplified  operations  as 
platform  variations  decrease.  The  likeli¬ 
hood  of  interoperability  issues  is  greatly 
diminished.  And  system-wide  improve¬ 
ment  increases. With  a  common  code  base 


when  an  update  or  enhancement  is 
applied  to  that  base,  all  levels  within  the 
enterprise  reap  the  benefits.” 

Well,  if  you  remove  the  word  Linux,  and 
substitute  “Windows,”  it’s  just  as  valid  a  state¬ 
ment.  It’s  the  very  argument  that  Microsoft 
used  to  wrest  control  of  the  network  mar¬ 
ket  from  Novell  a  dozen  years  ago.  The 
problem,  for  Novell,  arises  because  for  at 
least  that  long  the  company’s  marketing 
machine  has  tried  to  drum  into  users’ 
brains  the  idea  that  servers  and  desktops 
are  very  different  in  their  operation  and 
needs,  and  that  each  requires  an  operating 
system  optimized  for  its  duties. 

As  one  company  publication  (“Novell 
Developer  Notes,”  January  1999)  put  it:  “A 
dedicated  network  operating  system  is  bet¬ 
ter  for  hosting  the  network  and  far  more 
efficient  than  a  general-purpose  operating 
system.” 

So  Messman,  which  is  it? 


Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired@ 
vquill.com. 


Tip  of  the  Week 
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I'll  be  at  Novell's  BrainShare 
conference  (after  a  two- 
year  hiatus)  in  two  weeks, 
and  hopefully  I'll  get  the 
chance  to  ask  Messman 
about  this.  If  there  are  other 
things  you'd  like  to  know 
about  Novell  and  its  current 
itltlf  direction,  drop  me  a  note 

and  I'll  try  to  get  those  ques- 
tions  answered. 


Start-tip  promises  computing  power  on  demand 


■  BY  JENNIFER  MEARS 

Azul  Systems  says  it  has  an  answer  for 
IT  managers  wrestling  with  how  to  cope 
with  unpredictable  spikes  in  demand 
that  go  hand-in-hand  with  Web-based 
applications. 

Rather  than  deploying  additional  hard¬ 
ware,  which  much  of  the  time  sits  idle,  Azul 
envisions  Java-based  application  servers 
tapping  into  a  pool  of  compute  power  that 
is  available  on-demand.  It’s  an  idea  that 
CEO  Stephen  DeWitt  likens  to  the  way 
servers  tap  into  storage. 

“Companies  have  been  able  to  separate 
the  function  of  storage  from  the  server  and 
allow  existing  servers  to  mount  big  buckets 
of  storage,”  he  says.  “By  doing  so  you  elimi¬ 
nate  capacity  planning  at  the  individual 
application,  workgroup  or  user  level.” 

Azul  wants  to  give  application  servers 
access  to  all  the  compute  power  they  need 
without  having  to  plan  for  demand  in 
advance. 

Web  applications  such  as  those  based  on 
Java,  Java  2  Platform  Enterprise  Edition  and 
.Net  use  a  virtual  machine  architecture, 
meaning  that  the  application  is  separated 
from  the  hardware  and  can  run  on  any 
platform.  As  a  result,  processing  workloads 
can  be  shuttled  from  traditional  applica¬ 
tion  servers  that  run  BEA  Systems’ 
WebLogic  or  IBM’s  WebSphere,  for  exam¬ 
ple,  across  the  network  to  Azul’s  compute 
appliance. 

Azul  proxy  software  is  installed  on  tradi¬ 
tional  servers,  directing  them  to  send  Java 
processing  to  Azul’s  compute  appliances. A 
management  tool  lets  users  set  business 
rules  and  priorities  dictating  how  much 
processing  power  should  be  assigned  to 
each  application,  ensuring  that  each  gets 
what  it  needs. 

Azul  designed  its  appliance  from  the 
ground  up  to  handle  virtual  machine- 


based  workloads  that  run  many  applica¬ 
tion  threads  simultaneously  The  system  is 
based  on  a  custom-designed  microproces¬ 
sor,  which  includes  24  cores  on  a  chip. 

The  vendor  plans  to  make  its  appliance 
generally  available  in  the  next  few  months 
in  configurations  of  four  to  16  processors, 
meaning  that  users  could  have  access  to  as 
many  as  384  processor  cores  in  a  standard 
1 1U  rack-mount  chassis. 

One  user  who  has  been  beta-testing  a 
four-processor  system  for  the  past  few 
months  says  the  appliance  simplifies 
administrative  overhead  in  the  data  center. 


“In  the  past,  our  biggest  challenge  was 
bringing  in  hardware  to  serve  increasing 
load,”  says  an  application  architect  at  an  IT 
business  management  and  consulting  firm 
who  asked  not  to  be  named.  “We  were 
spending  a  lot  of  time  playing  musical 
chairs  with  our  hardware  and  our  applica¬ 
tions  trying  to  get  things  right  for  utilization 
levels. . . .  [With  the  Azul  box]  there  are  a 
whole  bunch  of  problems  that  we  used  to 
spend  a  lot  of  time  on  in  an  operations 
environment  that  are  just  going  to  go  awa/ 
Analysts  are  intrigued  by  Azul’s  focus, 
noting  that  users  don’t  need  to  modify 


applications,  a  hurdle  when  it  comes  to 
other  approaches  to  increasing  hardware 
utilization  such  as  grid  computing.  But 
they  question  whether  IT  managers  are 
ready  for  this  type  of  architectural  change. 

“How  many  data  centers  will  have  the 
workload  to  support  Azul?”  asks  Vernon 
Turner,  group  vice  president  and  general 
manager  of  enterprise  computing  at  IDC. 
“How  far  down  the  IT  pyramid  [does  Azul] 
want  to  go?  They  are  segmenting  their  mar¬ 
ket  specifically  for  [Java,  which  is  fine], but 
to  be  fair,  one  has  to  ask: ‘Is  this  going  to  be 
the  only  computing  model  of  the  future?’”^ 
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Courthouse 

continued  from  page  21 

COBOL  programs,  consulting  firm  Enterprise  Network  Con¬ 
sultants  used  Fujitsu’s  NetCOBOL  for  .Net  tools  to  convert  the 
IBM  CICS  application  to  run  on  Windows.The  firm  also  built  a 
Web-based  interface  to  mimic  the  mainframe  application, 
replacing  the  mainframe  emulation  previously  used  on  PCs  and 
reducing  end-user  training  costs. 

Then  Brasher’s  new  programmers  began  creating  the  fresh 
Windows  applications,  set  to  roll  out  this  month,  that  will  bring 
previously  paper-based  procedures  online.  Those  procedures, 
which  include  collecting  fines  and  distributing  information  to 
law  enforcement,  will  share  data  with  the  case  management 
system. 

While  the  goal  is  automation,  another  benefit  is  that  the  court 
has  cut  its  transaction-processing  time  from  60  seconds  on  aver¬ 
age  down  to  10. 

The  next  big  infrastructure  enhancement  comes  this  month 
when  the  county  will  roll  out  Active  Directory  as  part  of  an 
upgrade  to  Windows  Server  2003  to  support  250  clerks,  judges, 
managers  and  administrators. 

“We  are  moving  for  the  security  better  tracking  and  access 
control,”  says  Brasher,  who  admits  the  complexity  of  the  direc¬ 


tory  prevented  the  court  from  rolling  it  out  initially  In  fact,  the 
court  needed  three  tries  at  building  its  directory  tree  before  it 
got  it  right. 

The  court  also  is  moving  its  databases  from  Oracle  to 
Microsoft  SQL  Server  2000  to  support  a  number  of  the  new 
applications  it  is  developing. 

In  the  next  month,  the  court  hopes  to  roll  out  not  only  its  new 
cash  collection  application  but  also  the  applications  it  built 
using  Microsoft  Visual  Studio  .Net  to  track  arbitration,  mediation 
and  exhibits;  to  automate  collection  of  courtroom  data;  and  a 
program  for  Web  calendaring. 

“All  of  these  were  manual  processes,  they  were  all  paper- 
based,”  Brasher  says.  The  automation  has  caught  the  eye  of  the 
state  agency  that  governs  county  courts,  the  Administrative 
Office  of  the  Court  (AOC). 

The  AOC  is  trying  to  develop  a  single  case-management  sys¬ 
tem  for  statewide  use  and  has  allocated  money  to  support 
Brasher’s  effort  as  a  test  bed. 

“We’re  using  the  money  to  complete  our  system  because  the 
AOC  thought  it  was  foundationally  sound.  But  I’ll  feel  better 
when  it’s  done  and  we  can  show  what  it  can  do,”  she  says. 

Now  that  Brasher  has  eliminated  one  relic  of  the  past,  she  has 
her  eye  on  another  —  the  PBX. 

“We  are  looking  at  voice  over  IPT  she  says.  “When  we 
upgraded,  everything  from  the  routers  to  the  wiring  was  put  in 
place  with  an  eye  on  VoIP.”  ■ 


ADDING  UP  THE  COSTS  OF 
WINDOWS?  BE  SURE 
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"We  simply  aren't  interested  in  having 
to  worry  about  potential  legal  risks  of 
deploying  Red  Hat  Linux.  Knowing  the 
way  that  Microsoft  stands  behind  its 
products  with  IP  indemnification,  it's  one 
less  thing  that  I  have  to  worry  about" 

— Jamey  Anderson 
Technology  Services  Manager 
ADC  Telecommunications 


When  ADC  Telecommunications,  a  global  supplier  of  network  infrastructure 
equipment  and  services,  wanted  to  upgrade  its  Microsoft®  Windows®  client 
operating  systems,  they  also  evaluated  Red  Hat  Linux  9.  Their  analysis  of  the 
licensing,  training,  and  support  costs  of  both  estimated  that  the  Microsoft 
solution  would  cost  $1.7  million  less*  But  those  weren't  the  only  costs  that  led 
them  to  choose  Microsoft.  "With  the  Linux  lawsuits  happening,  it's  something 
I  pay  a  lot  more  attention  to,"  says  Jamey  Anderson  of  ADC.  "The  level  to  which 
Microsoft  stands  behind  its  software  with  IP  indemnification  is  a  big  deal  to  us. 
We  can  be  guaranteed  that  Microsoft  will  back  us  with  no  financial  cap — no 
matter  how  big  a  lawsuit  may  become."  For  details  about  Microsoft's  indemnity, 
visit  microsoft.com/indemnification 


To  see  the  complete  ADC  case  study  and  for  other  third-party  findings, 
visit  microsoft.com/getthefacts 


*ADC  estimated  price  savings  based  on  U.S.  dollars  for  5,500  client  computers  using  cost  figures  available  in  early  2004.  Various  factors  may  affect  actual  savings. 

©  2005  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Windows,  the  Windows  logo,  and  Windows  Server  System  are  either  registered  trademarks  or  trademarks  of 
Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  trademarks  of  their  respective  owners. 
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Were  this  a  fine  German  car, 
you  would  ask  for  a  test  drive 

We  offer  this  simple  chart. 


You  admire  precision  engineering  and  seek  out 
maximum  performance.  You  want  the  best.  Presenting 
the  E-Series  from  ForcelO  Networks:  The  first  resilient 
switch/router  to  deliver  672  line-rate  Gigabit  Ethernet 
or  56  line-rate  10  Gigabit  Ethernet  ports  per  chassis  — 
more  than  twice  the  capacity  of  our  competitors. 
That's  Terabit  performance. 


Based  on  ForcelO's  revolutionary TeraScale  technology, 
the  E-Series  delivers  industry-best  metrics  in  density, 
throughput,  resiliency  and  security.  The  advanced 
architecture  of  the  E-Series  ensures  predictable 
performance  with  traffic-variation  dampening, 
provides  control  plane  resiliency  to  prevent  »>mntnnir, 

DoS  attacks,  and  supports  line-rate,  real-time 
security  filters  for  high  performance  security. 


(  or« 


To  test  drive  the  E-Series  in  your 
network,  contact  us  at  I  -866-600-5  1 00 
or  visit  www. force!  Onetvvorks.r  om. 


To  .view  independent  TeraScale  test  results  from  t  he  Tolly  Group,  visit  www.forc  el  One! works. ( om 

fykt  t»l  t)  .Networks,  Ifir.  AltrfKhb  reserved.  loriclU.  the  ForcelO  loijo,  ftherScale,  MOS  and  leraSi  .lie  are  trademarks  of  lore  e  ID  Networks.  Ini .  All-other  brand  and  prudtu  I  naincs  are  trademark  or  n  r|  rr.uli . .  :  . . 
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■  Messaging  and  collaboration  ven¬ 
dor  Stalker  Software  next  month  is 
scheduled  to  release  the  Communi- 
Gate  Pro  Version  4.3  Real-Time 
Communications  server,  which 
includes  an  enhanced  Session  Initi¬ 
ation  Protocol  interface.  Stalker  has 
integrated  VoIP  features  with  e-mail 
so  users  can  initiate  SIP-based  calls 
from  their  address  books.  Stalker 
also  plans  to  add  call  management 
features  and  SIP  filtering  in  a  future 
upgrade.  Version  4.3  also  includes 
three  new  GUIs  available  in  12  lan¬ 
guages.  The  server  costs  $699,  which 
includes  25  user  licenses.  The  server 
runs  on  Unix,  IBM  iSeries,  OpenVMS, 
Windows,  Linux  and  Mac  OS  X. 

■  In  a  move  to  broaden  its  offerings 
for  customers  in  the  retail  sector, 
software  vendor  SAP  has  agreed  to 
acquire  Retek,  a  retail  management 
software  developer.  Under  the  agree¬ 
ment  announced  last  week,  SAP  will 
pay  $496  million  for  the  company. 
Retek  offers  software  for  a  range  of 
retail  operations,  which  include  sup¬ 
ply-chain  management,  multichannel 
retailing  and  merchandise  operations 
management.  The  company  has  more 
than  200  customers  in  more  than  20 
countries.  The  acquisition  will  help 
SAP  provide  a  comprehensive  soft¬ 
ware  system  that  extends  from  point 
of  sale  through  the  entire  retail  sup¬ 
ply  chain,  SAP  says. 

■  IBM  last  week  said  it  would  resell 
Captiva  Software’s  input  man¬ 
agement  software,  and  provide  a 
streamlined  set  of  products  for  cap¬ 
turing  and  managing  data  and 
reducing  costs.  Captiva's  software 
accelerates  the  capture  and  pro¬ 
cessing  of  forms  and  documents 
into  IBM’s  DB2  Content  Manager 
enterprise  content  management  sys¬ 
tems.  Teamed  with  DB2  Content 
Manager,  Captiva's  products  are 
designed  to  help  customers  capture 
and  load  digital  documents  and  data 
into  a  central  repository  to  stream¬ 
line  the  management  and  delivery  of 
information  across  applications  and 
enterprises,  Captiva  says. 


IBM,  CA  target  mainframe  mgmt 


■  BY  DENISE  DUBIE 

IBM  and  Computer  Associates  are  tailor¬ 
ing  wares  for  mainframe  users  that  the 
companies  promise  will  make  managing 
the  40-year-old  technology  easier  for  inex¬ 
perienced  systems  administrators  and  cut 
budget  costs  associated  with  maintaining 
the  Big  Iron. 

Research  shows  loyal  mainframe  cus¬ 
tomers  don’t  plan  to  part  with  their  legacy 
systems  any  time  soon,  a  fact  that  has  man¬ 
agement  software  makers  clamoring  to 
keep  established  customers  happy  by 
adding  ease-of-use  features,  such  as  Web 
interfaces, and  offering  more  attractive  pric¬ 
ing.  In  fact,  Forrester  Research  reports  IBM’s 
zSeries  revenue  grew  between  22%  and 
25%  in  2004,  and  the  firm  expects  more 
modest  growth  in  the  coming  year. 

“There  is  a  lot  of  data  on  companies’ 
mainframes,  and  there  aren’t  a  lot  of  rea¬ 
sons  to  migrate  it  off  those  systems,”  says 
Jasmine  Noel,  a  principal  analyst  with  Ptak, 
Noel  &  Associates.  “But  making  sure  main¬ 
frames  are  up  and  running  isn’t  really  a 
challenge.  Management  vendors  have  to 
monitor  and  link  the  mainframe’s  perform¬ 
ance  to  the  Java,  .Net  and  Web  services  sys¬ 
tems  that  interact  with  the  data  stored  on 
mainframes.” 

For  IBM’s  part,  the  company  last  week  at 
its  Share  user  conference  in  San  Diego 
unveiled  the  first  suite  of  products  devel¬ 
oped  from  its  June  2004  acquisition  of 
Candle.  The  company  unveiled  its  IBM 
Tivoli  Omegamon  XE  suite,  which  takes  two 
parts  Candle  and  one  part  Tivoli  technolo¬ 
gy  to  let  customers  detect,  isolate  and 
repair  application  performance  problems. 

IBM  says  the  IBM  Tivoli  Omegamon  XE 
bundle  includes  technology  to  monitor 
and  manage  zSeries  operating  systems  and 
subsystems  such  as  Linux,  CICS,  DB2, 
WebSphere,  storage  and  other  systems.The 
software,  which  runs  on  a  Windows  server 
and  uses  agents  distributed  on  mainframes 
to  collect  data,  will  be  able  to  show  how 
mission-critical  applications  use  zSeries 
systems.The  software  will  let  experienced 
zSeries  administrators  use  the  standard 
“green  screen,"  or  IT  staff  can  utilize  a  Web- 
based  interface  to  get  a  view  into  main¬ 
frame  performance  and  how  the  system 
affects  applications  tapping  it  for  data. 

Omegamon  XE  begins  at  $4,000,  depend¬ 
ing  on  capacity 

According  to  Noel,  IBM’s  investment  in 
mainframe  technology  with  its  Candle  pur¬ 
chase  spurred  other  vendors,  such  as  BMC 


Gutting  costs 

Vendors  promise  new  management 
wares  will  reduce  software  license 
and  maintenance  costs  associated 
with  managing  mainframes. 

Mainframe  annual  cost/MIPS 


[-  Facilities:  $403 


Disaster  recovery 
services:  $76 


Hardware:  $896 


Software: 

$4,052 


Staff:  $2,805 


Total  cost/MIPS  =  $8,232 

SOURCE:  FORRESTER  RESEARCH 


Software  and  CA,  to  reevaluate  their  main¬ 
frame  products.  The  added  competition 
could  mean  lower  costs  for  customers. 

Meanwhile,  CA  introduced  its  Unicenter 
rll  software  for  output  management, 
which  includes  three  applications  that 
can  be  purchased  separately  or  as  a  bun¬ 


dle:  CA-Spool,  CA-View  and  CA-Deliver. 
The  software,  which  runs  on  a  zSeries 
mainframe,  will  help  systems  ad¬ 
ministrators  control  data  output  and  re¬ 
ports  from  the  mainframe. 

According  to  CA,  mainframe  systems 
generate  reports  when  they  finish  a  job, 
for  example,  without  consideration  to 
how  administrators  need  to  see  the  data, 
when  they  need  it  or  where  they  need  it 
to  print.  CA-Spool  offers  systems  adminis¬ 
trators  a  way  to  control  the  print  output 
from  a  mainframe,  and  CA-View  lets  the 
data  be  viewed  in  different  formats.  CA- 
Deliver  can  automate  the  delivery  of  the 
data  to  IT  management  in  the  form  of  a 
PDF  report  or  e-mail,  for  example.  CA- 
Spool  almost  always  works  in  conjunc¬ 
tion  with  one  of  the  other  two  applica¬ 
tions  but  is  available  for  purchase  sepa¬ 
rately  CA  says. 

Much  like  CAs  December  release  of  per¬ 
formance  management  software  for  main¬ 
frames,  the  Unicenter  rl  1  applications  for 
mainframe  output  management  have  been 
reworked  to  take  advantage  of  what  CA 
dubs  Common  Services  —  which  includes 
incorporating  standard  code,  interfaces 
and  standard  databases  for  use  across  CA 
management  systems. 

CA-Spool  is  available  now.  CA-View  and 
CA-Deliver  are  in  beta  and  are  set  to  be 
available  by  the  end  of  the  month.  Pricing 
for  the  bundle  starts  at  $60,000  per  year.  ■ 


Start-up  takes  aim  at  automating 
routine  data  center  functions 


■  BY  DENISE  DUBIE 

Start-up  RealOps  is  offering  customers 
software  designed  to  streamline  their  oper¬ 
ations  and  maximize  their  resources  by 
automating  routine  tasks  and  providing  an 
audit  trail  of  actions  taken  across  their  data 
centers. 

The  22-employee  Herndon, Va.,  company, 
which  recently  received  $5  million  in  fund¬ 
ing,  last  month  launched  its  flagship  prod¬ 
uct,  Automation  Management  Platform 
(AMP).  AMP  uses  server  and  agent  soft¬ 
ware  to  collect  data  across  a  data  center 
and  then  integrates  it  into  one  central  loca¬ 
tion.  The  software  also  uses  bidirectional 
connectors  to  collect  data  from  third-party 
systems,  such  as  other  management  tools 
or  CRM  systems.  The  data  is  aggregated, 


normalized  and  correlated  against  AMP’s 
predefined  activity  library  which  lets  the 
software  identify  if  the  collected  data 
matches  a  predefined  automated  action  in 
AMP’s  library  and  kick  off  the  automation. 
If  a  server  doesn’t  respond  to  predefined 
standards,  the  software  will  generate  a  trou¬ 
ble  ticket. 

The  library  which  users  can  customize 
and  extend  using  RealOps’  SDK,  includes 
workflows  and  activities  that  could  be 
taken  in  response  to  specific  events  or 
used  to  complete  a  process.The  company 
says  customers  can  design  their  own  work- 
flows  based  on  conditional  statements.  For 
example,  if  one  server  generates  five  per¬ 
formance  events,  the  workload  could  be 
shifted  to  another  server. 

See  RealOps,  page  26 
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Well,  that  didn’t  take  long.  Just  after 
the  window  closed  on  my  column 
last  week  about  ChoiceFbint’s  iden¬ 
tity  theft  problems  came  the  announce¬ 
ment  that  Bank  of  America  had  a  problem 
of  its  own. 

The  company  lost  some  back-up  tapes 
containing  personal  information  for  a  large 
number  of  federal  employees,  which  in¬ 
clude  some  of  the  Congressional  critters  in 
last  week’s  column.  Now  that  its  members 
have  been  affected  personally  maybe  Con¬ 
gress  actually  will  get  tough  with  the  busi¬ 
nesses  that  toss  around  our  personal  infor¬ 
mation  like  so  much  used  dog  food. 

Bank  of  America  announced  that  some 


A  personal  touch 


tapes  had  gone  missing  while  being 
shipped  to  a  back-up  data  center  in  De¬ 
cember  (www.nwfusion.com,  DocFinder: 
6126).  The  tapes  contained  information, 
including  Social  Security  numbers  (SSN), 
on  1.2  million  accounts.  Press  accounts 
said  Sen.  Charles  Schumer  (D-N.Y)  was 
told  that  baggage  handlers  likely  stole  the 
tapes.  The  bank’s  press  release  said  it  had¬ 
n’t  seen  any  unusual  activity  in  the  ac¬ 
counts  so  far.  It  also  said  it  would  send  let¬ 
ters  to  everybody  whose  information  might 
have  been  on  the  tapes. 

A  couple  of  things  are  kind  of  funny 
about  this  story  1  don’t  know  any  baggage 
handlers,  but  I  find  it  hard  to  imagine  that 
computer  back-up  tapes  would  be  the  first 
things  a  thieving  one  would  go  after.  Also, 
the  bank’s  press  release  said  “the  privacy  of 
customer  information  receives  the  highest 
priority  at  Bank  of  America,  and  we  take 
our  responsibilities  for  safeguarding  it  very 
seriously’  If  that  was  true,  the  tapes  would, 


at  the  very  least,  have  been  encrypted.  If  the 
tapes  were  encrypted  using  a  good  algo¬ 
rithm,  I  would  expect  the  bank  to  have 
quickly  said  that.  So  maybe  the  bank  was¬ 
n’t  doing  all  it  could  to  safeguard  the  infor¬ 
mation. This  should  be  an  object  lesson  to 
all  of  you  who  ship  unencrypted  private 
data  via  insecure  transport  (including  the 
Internet). 

Schumer  also  complained  that  the  West- 
law’s  People  Finder  commercial  service 
easily  could  be  exploited  to  get  personal 
information,  including  SSNs,  for  more  than 
160  million  people.  He  said  his  staff  used 
the  service  to  get  SSNs  for  Vice  President 
Dick  Cheney  and  Internet  video  star  Paris 
Hilton  (who  had  her  own  problems  with 
the  release  of  private  information  the  same 
week).  As  1  pointed  out  last  week,  1  can 
understand  why  Westlaw  might  want  to  sup¬ 
port  looking  up  someone  using  a  SSN,  but  I 
see  little  reason  to  report  back  SSNs  unless 
your  purpose  is  to  facilitate  identity  theft. 
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Congress  passed  a  quite  strict  law  pro¬ 
tecting  the  privacy  of  videotape  rental 
records  (DocFinder:6127)  after  the  records 
of  someone  that  a  number  of  people  in 
Congress  felt  strongly  about  —  Supreme 
Court  nominee  Robert  Bork  —  were  pub¬ 
lished  in  the  press.  Just  maybe,  now  that 
some  senators  are  directly  threatened  by  a 
breach  in  data  protection  caused  by  poor 
practices  by  the  third-largest  bank  in  the 
U.S.,  they  will  pay  attention  and  do  some¬ 
thing  serious.  The  chances  are  far  better 
this  week  than  last,  when  the  threat  was  just 
to  145,000  non-Congress  people. 

Disclaimer:  Harvard  has  not  expressed  an 
opinion  on  the  ability  of  Congressional  crit¬ 
ters  to  understand  things  that  do  not  hap¬ 
pen  directly  to  them,  so  the  above  specula¬ 
tion  is  mine. 

Bradner  is  a  consultant  with  Howard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


IBM  pitches  Informix  database  upgrade 


■  BY  JAMES  NICCOLAI 

IBM  has  released  a  major  upgrade  to  its 
Informix  database  that  promises  users 
improvements  in  performance,  administra¬ 
tion  and  security  IBM  called  the  move  the 
most  significant  upgrade  of  the  database  in 
five  years. 


RealOps 

continued  from  page  25 

AMP  comes  with  Information  Technology 
Infrastructure  Library  (ITIL)-based  work- 
flow  templates,  and  the  company  says  it 
foresees  the  software  becoming  the  man¬ 
agement  portal  for  customers. 

RealOps  founders,  who  spun  the  software 
company  out  of  IT  operational  manage¬ 
ment  consultancy  Windward  Consulting 
Group,  say  AMP  will  help  IT  shops  inch 
their  way  closer  to  automated  operations. 

“We  built  a  product  that  could  automate 
a  lot  of  the  routine  tasks  needed  to  perform 
the  triage  activities  around  problem  identi¬ 
fication,  diagnosis  and  validation,”  says 
Sean  McDermott,  RealOps  president,  CEO 
and  founder.  McDermott,  founded  and  has 
headed  up  Windward  for  the  past  eight 
years,  which  provided  the  knowledge  of 
customer  experiences,  best  practices  and 
operational  efficiencies  RealOps  incorpo¬ 
rated  into  its  AMP  software. 

“We  found  customers  having  a  hard  time 
integrating  their  multiple  tools  for  manage¬ 
ment  and  decided  we  could  provide  some 
shortcuts,”  he  says. 

Along  with  fellow  start-up  Optinuity, 
RealOps  will  compete  with  the  likes  of 
Opsware,  the  company  says.  Industry 
watchers  expect  to  see  more  management 
software  makers  develop  products  that 


Informix  Dynamic  Server  (IDS)  Version 
10  boosts  query  performance  with  better 
memory  allocation  and  configurable  page 
sizes,  the  company  says.  Version  10  also 
offers  improved  back-up  and  restore  utili¬ 
ties  to  provide  faster  setup  of  secondary 
servers,  and  better  log  management  tools. 
The  enterprise  replication  feature,  for  gen- 


promise  to  automate  routine  operations. 

“IT  has  long  needed  to  define,  document 
and  standardize  its  processes  and  work- 
flows  just  like  other  business  units.  Some 
70%  [or  more]  of  IT  time  has  been  spent  on 
doing  dull,  routine,  repetitive  maintenance 
operations  such  as  moves,  adds  and 
changes,”  says  Rich  Ptak,  principal  analyst 
at  Ptak,  Noel  &  Associates.  “More  software 


erating  copies  of  data  at  multiple  sites,  now 
supports  templates,  easing  deployment. The 
database  comes  with  a  tool  IBM  says  can 
cut  installation  time  in  half. 

Version  10  lets  administrators  do  a  point- 
in-time  restore  for  an  individual  table,  a 
capability  already  available  in  DB2.IDS  cus¬ 
tomers  currently  have  to  restore  the  whole 


companies  are  looking  to  address  the  prob¬ 
lem  because  with  shrinking  budgets, 
increasingly  fickle  customers  and  tight 
profit  margins,  IT  operations  managers  are 
being  forced  to  adopt  automation.” 

RealOps  targets  large  companies,  service 
providers  and  government  agencies  with 
AMP  which  costs  about  $250,000  for  an 
average  implementation.  ■ 


database,  copy  the  table  they  want  and  then 
reinsert  it,  says  Neil  Truby  director  of  Ar- 
denta  in  Sunbury  on  Thames,  England, 
which  provides  Informix  technical  services. 

New  security  features  include  support  for 
pluggable  authentication  modules,  which 
let  administrators  customize  authentica¬ 
tion  for  individual  applications,  and  col¬ 
umn-level  encryption. 

IBM  offered  few  specifics  about  the 
planned  version  of  IDS  for  small  and  mid¬ 
size  businesses,  which  will  be  called  IDS 
Express  Edition  and  is  planned  for  mid¬ 
year  release.The  company  says  the  product 
will  be  offered  for  Windows  and  Linux. 

IBM  already  offers  an  Express  version  of 
DB2.  Rivals  Oracle  and  Microsoft  also  offer 
databases  targeted  at  the  low  end  of  the 
market. 

IBM  acquired  Informix’s  database  busi¬ 
ness  in  2001  for  $1  billion.  Customers  have 
praised  IBM  for  continuing  to  update  the 
products  and  not  forcing  them  onto  its  flag¬ 
ship  DB2  product  line,  but  some  have  been 
critical  that  IBM  does  little  to  market  the 
software,  pushing  the  DB2  brand  instead. 

IBM  says  it  remains  committed  to  the 
Informix  products  and  has  laid  out  a  road 
map  for  them  until  2010.  It  continues  to 
transfer  technologies  between  IDS  and 
DB2  and  is  currently  working  to  allow  bidi¬ 
rectional  data  synchronization  between 
the  two  platforms,  the  company  says. 

Customers  with  a  maintenance  contract 
for  IDS  Version  9.x  can  upgrade  to  Version 
10  for  no  extra  charge.  Pricing  for  the  new 
IDS  has  not  been  set;  an  unlimited  proces¬ 
sor  license  for  the  current  IDS  Enterprise 
Edition  costs  $50,000,  including  a  year’s 
maintenance,  according  to  IBM’s  Web  site. 

Niccolai  is  a  correspondent  with  the  IDG 
News  Sewice. 
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PROFILE: 

RealOps 

Location: 

Herndon,  Va. 

Founded: 

October  2004 

Primary  product: 

Automation  Management  Platform,  software  that  collects  and 
integrates  events  from  multiple  systems  into  one  library,  which 
then  works  with  a  workflow  engine  to  automate  actions. 

Management  team: 

Sean  McDermott,  CEO  and  founder;  Christopher  Schroeder,  vice 
president  of  engineering  and  founder. 

Finances: 

$5  million  Series  A  financing  led  by  Virginia-based  Valhalla 
Partners. 

Customers: 

Targeting  large  companies,  governement  agencies  and  service 
providers. 

Competition: 

IT  automation  vendors  Opsware  and  BladeLogic  and  fellow  start¬ 
ups  such  as  Optierand  Optinuity. 

Fun  fact: 

k  . 

All  three  key  original  members  of  the  management  team  have 
previously  founded  successful  Washington,  D.C.,  technology 
companies  (Windward  Consulting  Group,  Seven  Space  and 
Vanward  Technologies). 

■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


akes 


■  Cisco  last  week  enhanced  its 
Multi-protocol  Label  Switching 
software  with  features  designed  to 
foster  greater  interoperability 
between  service  provider  networks. 
MPLS  interprovider  features  let  ser¬ 
vice  providers  combine  the  capabili¬ 
ties  of  their  individual  networks  to 
offer  corporations  a  new  set  of  opti¬ 
mized  services.  Cisco  says  service 
providers  that  take  full  advantage  of 
the  interprovider  software  will 
increase  network  resiliency,  deliver 
multicast-based  services  such  as 
streaming  video,  and  extend  VPN 
capabilities.  The  new  interprovider 
features  include  Inter-AS  multicast 
VPN,  which  lets  service  providers 
deliver  Layer  3  multicast  services  on 
an  IP  network  that  shares  resources, 
on  one  or  more  physical  networks. 
Another  feature  is  Inter-AS  Traffic 
Engineering,  which  lets  service 
providers  traffic-engineer  between 
networks  and  regions  by  configuring 
one  tunnel  at  the  headend,  as  opposed 
to  switching  tunnels  across  each  area 
that  must  be  crossed. 


■  Inmarsat,  the  satellite  company 
that  provides  roaming  communica¬ 
tions  services  to  maritime  vessels, 
military  units  and  aircraft,  is  prepar¬ 
ing  to  launch  a  new  generation  of 
satellites  that  will  let  it  offer  a  wider 
range  of  global  high-speed  voice  and 
data  offerings.  The  first  of  three 
Inmarsat  1-4  satellites  is  scheduled  to 
launch  from  Cape  Canaveral,  Fla.,  on 
Thursday  and  will  be  the  largest  com¬ 
mercial  satellite  in  the  sky,  the  com¬ 
pany  says.  1-4  is  the  fourth  genera¬ 
tion  of  Inmarsat  satellites  and  will  be 
the  backbone  of  the  company's 
Broadband  Global  Area 
Network,  offering  at  least  10  times 
the  communications  capacity  of  the 
current  network.  The  satellites  will  let 
the  company  offer  data  speeds  of  up 
to  432K  bit/sec  for  uses  such  as 
video-on-  demand,  videoconferencing, 
phone,  e-mail,  LAN,  Internet  and 
intranet  services,  it  says.  The  ser¬ 
vices  will  come  online  after  the 
launch  of  the  second  1-4  satellite 
early  this  year. 


Wi-Fi  remote-access  options  expand 

AT &T,  Sprint  and  MCI  beefing  up  hot  spots,  as  well  as  wired  Ethernet  offerings. 


■  BY  DENISE  PAPPALARDO 

Service  providers  are  expanding  the 
global  reach  of  their  Wi-Fi  and  wired 
Ethernet  networks  to  offer  users  better 
remote  access  when  traveling. 

AT&T  recently  announced  that  it  nearly 
quadrupled  its  wireless  LAN  (WLAN)  loca¬ 
tions  and  tripled  its  wired  Ethernet  loca¬ 
tions  in  the  past  12  months.  Last  year,  Sprint 
added  scores  of  hot  spots  to  bring  its  total 
number  of  Wi-Fi  locations  up  to  14, 000.  And 
MCI  says  it  will  more  than  double  its  Wi-Fi 
footprint  by  May 

“The  numbers  only  mean  something  if 
the  hot  spots  are  in  useful  locations  for 
users,”  says  Lisa  Pierce,  a  vice  president  at 
Forrester  Research.  If  a  service  provider 
has  10,000  hot  spots  but  most  are  in  cafes 
and  not  in  airports,  that’s  not  going  to  be 
as  meaningful  to  an  enterprise  customer, 
she  says. 

Service  providers  are  turning  to  Wi-Fi  to 
offer  users  secure,  remote  access  to  corpo¬ 
rate  networks  in  more  geographic  loca¬ 
tions  than  ever.  AT&T  has  expanded  the 
number  of  WLAN,  or  Wi-Fi,  hot  spots  avail¬ 
able  to  customers  to  just  more  than  9,000, 
almost  two-thirds  of  which  are  in  the  U.S. 
The  carrier  also  now  has  1,551  wired 
Ethernet  locations. 

“In  February  2004,  we  had  just  above 
3,000,  combined,”  says  Rick  Gretsch,  direc¬ 
tor  of  product  management  for  global  IP  at 
AT&T.The  carrier  had  about  2,500  Wi-Fi  hot 
spots  and  500  wired  Ethernet  locations, 
meaning  it  has  added  about  6,600  hot 
spots  and  about  1,050  wired  Ethernet  loca¬ 
tions  over  the  past  year. 

The  majority  of  the  new  Wi-Fi  locations 
come  from  AT&T’s  expanded  relationship 
with  GoRemote  Internet  Communications, 
Gretsch  says.  AT&T  does  not  own  or  oper¬ 
ate  any  of  its  hot  spots.“That’s  a  business  we 
decided  not  to  be  in,”  he  says. 

While  AT&T  owns  and  operates  a  small 
number  of  wired  Ethernet  locations,  the 
majority  of  the  1,551  broadband  loca¬ 
tions  are  supplied  through  third-party 
agreements. 

Gretsch  says  AT&T  will  continue  to  grow 
the  number  of  hot  spots  and  wired 
Ethernet  locations. 

“We  will  focus  a  lot  of  our  attention  on 
travelers  and  places  they  go  this  year” 
Gretsch  says.  That  includes  hotels  and  air¬ 
ports.  Today  AT&T  offers  Wi-Fi  access  in  70 
airports, which  include  17  of  the  20  busiest, 
he  says. 


The  carrier  says  it’s  primarily  expanding 
in  the  larger  cities  around  the  world  where 
business  users  most  frequently  travel. 

AT&T  also  is  pitching  new  service  plans, 
and  is  offering  Wi-Fi,  dial-up  and  wired 
Ethernet  service  bundles. 

The  first  bundle  includes  50  hours  of 
dial-up,  two  wired  Ethernet  days  and  four 
Wi-Fi  sessions  —  all  for  $20  per  month,  per 
user. The  second  bundle  includes  50  hours 
of  dial-up,  four  wired  Ethernet  days  and 


eight  Wi-Fi  sessions  —  all  for  $35  per 
month,  per  user.  The  third  bundle 
includes  100  hours  of  dial-up,  five  wired 
Ethernet  days  and  10  Wi-Fi  sessions  —  all 
for  $38  per  month,  per  user. 

The  carrier  also  capped  its  hourly  charge, 
which  is  yet  another  billing  option  for 
users.  If  users  choose  to  pay  for  their  Wi-Fi 
service  as  they  use,  it  they  will  be  charged 
$5.25  per  hour.  Once  customers  have  been 
on  a  Wi-Fi  connection  for  four  hours 
within  a  24-hour  period,  they  will  not  be 
charged  beyond  the  four  hours.  In  other 
words,  users  will  not  be  charged  more  than 
$21  per  day  if  they  go  with  AT&T’s  pay-as- 
you-go  package. 

Where  AT&T  has  opted  not  to  support 
any  of  its  hot  spots  in-house,  Sprint  is  tak¬ 
ing  a  slightly  different  route.  The  service 
provider  is  building  and  supporting  its 
own  WLAN  access  points  in  airports,  says 
Wes  Dittmer,  director  of  WLAN  services  at 
Sprint. 

Sprint  is  offering  Wi-Fi  service  in  four  air¬ 
ports  today  —  Kansas  City  Louisville,  Salt 
Lake  City  and  William  P  Hobby  Airport  in 
Houston.Three  more  will  come  online  by 
June,  Dittmer  says.  But  the  majority  of  its 
14,000  hot  spots  stem  from  roaming  agree¬ 
ments  with  other  service  providers  such 
as  SBC. 

While  Sprint  has  the  largest  number  of 
hot  spots,  it  does  not  have  a  comprehen¬ 


sive  remote-access  service  to  offer  business 
users  —  yet.  Sprint  is  expected  to 
announce  a  new  service  called  Extended 
Workplace  as  early  as  this  month. 

“The  service  will  include  [Code  Division 
Multiple  Access],  WLAN  and  dial-up 
remote  access  options,”  Dittmer  says. 
Unlike  AT&T  or  MCI,  Sprint’s  service  will 
offer  users  a  mobile  wireless  service  com¬ 
ponent  over  its  Sprint  PCS  network.  Dittmer 
says  Sprint  worked  with  a  third-party  soft¬ 


ware  company  to  develop  a  client  that  will 
let  users  access  the  multiple  services. 

AT&T  and  MCI’s  remote-access  offerings 
also  offer  one  client  for  multiple  access 
services,  but  neither  offer  mobile  wireless. 

A  single  client  that’s  easy  to  use  and  lets 
users  sign  on  to  multiple  access  tech¬ 
nologies  is  most  important  to  business 
users,  Forrester’s  Pierce  says.  Users  aren’t 
as  concerned  if  they’re  using  Wi-Fi  or 
wired  Ethernet  to  access  their  corporate 
network,  she  says.  “What’s  more  impor¬ 
tant  is  that  the  procedure  to  get  online  is 
uniform  from  a  customer  perspective,” 
she  says. 

Dittmer  says  Sprint’s  offering  will  not 
include  wired  Ethernet,  but  that  Sprint  will 
offer  a  custom  feature  where  users  could 
access  other  services  such  as  Ethernet, 
when  in  a  hotel,  or  DSL,  from  home. 

MCI  also  works  with  a  host  of  aggrega¬ 
tors, such  as  Boingo  Wireless  and  Wayport, 
to  create  its  network  of  5,220  Wi-Fi  hot 
spots  and  700  wired  Ethernet  locations. 
Through  its  partners  MCI  plans  to  bring  on 
thousands  of  hot  spots  in  May,  says  Kevin 
Gatesman,  senior  manager  of  emerging 
technologies  at  MCI. “We’ll  be  going  up  to 
13,700  hot  spots,”  he  says. 

MCI  also  plans  to  release  a  new  version 
of  its  client  software  and  new  tiers  of  ser¬ 
vice  for  its  business  customers  at  that 
time.B 


Wi-Fi  coverage 

Service  providers  have  been  beefing  up  their  Wi-Fi  networks  with  hot 
spots  around  the  globe. 


Carrier 

Wi-Fi  hot  spots 
in  U.S. 
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Universal  Service  Fraud:  Bailouts  for  billionaires 


You’ve  got  to  hand  it  to  those  Mafia 
wiseguys,  they  know  a  good  scam 
when  they  see  one.  From  1996 
through  last  year,  the  Gambino  crime  family 
bilked  the  Universal  Service  Fund  out  of 


some  $22  million  by  fraudulently  creating 
CassTel,  a  rural  telephone  company  pur¬ 
portedly  serving  the  2,600  denizens  of  the 
town  of  Peculiar,  Mo. 

CassTel  received  USF  dollars  thanks  to 
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I  convinced  my  boss  to  get 
this  big  honkin’  collaboration 
infrastructure  only  a  genius 
like  me  could  ever  use. 
Check  it  out  on  my  blog 
at  www.frankwillis.com 

-  Frank  Willis 


IPSWITCH’ 


<Cp  Collaboration  Suite 


Ipswitch  Collaboration  Suite,  the  solution  for  small 
and  mid-sized  business  collaboration  that  just  works. 

Use  Microsoft®  Outlook®  or  your  browser  to  connect 
to  a  powerful  industry-leading  messaging  server.  Communicate  in  real  time  with  anyone 
in  your  company  using  secure  instant  messaging.  Streamline  group  collaboration  with 
shared  calendars  and  free-busy  meeting  scheduling.  Reduce  junk  e-mail  and  stop 
viruses.  All  this,  and  Ipswitch  Collaboration  Suite  is  easy  to  install,  manage  and  use. 
Play  it  "safe"  like  Frank.  Or  be  smart.  Go  to  www.ipswitch.com  and  find  success 
with  Ipswitch  Collaboration  Suite. 
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Reliable 


60  million 

mailboxes  worldwide 


I  P  S  W  I  T  C  H 


www.ipswitch.com  or  c  ill  800-793-4825 


the  outrageous  incompetence  of  the  FCC, 
which  supposedly  oversees  how  USF  funds 
are  spent.  Exactly  how  many  brain  cells 
does  it  take  to  figure  out  that  funneling  $22 
million  into  a  town  of  2,600  people  equates 
to  nearly  $8,500  per  person? 

As  far  as  1  know,  the  telcos  of  Jackson 
Hole,  Wyo.,  have  no  connections  to  the 
Mob,  but  they’ve  got  a  scam  of  their  own. 
Jackson  Hole  is  no  poverty-stricken  rural 
enclave.  The  average  family  income  is 
more  than  $85,000,  and  51%  of  the  houses 
cost  $300,000  or  more.  Yet  Silver  Star  Com¬ 
munications  this  summer  tapped  the  USF 
to  extend  telephone  services  to  remote 
homes  in  and  around  Jackson  Hole. 

The  justification?  Silver  Star  wants  to  keep 
rich  folks  on  the  Wyoming  side  of  the 
Idaho/Wyoming  border  by  improving  their 
phone  service.  Seems  that  locals  complain 
“the  billionaires  are  pushing  the  million¬ 
aires  over  to  Idaho.” 

Last  I  checked,  the  rationale  for  the  USF 
was  to  extend  services  to  schoolchildren 
and  the  needy  —  not  line  the  pockets  of 
mobsters  or  bring  broadband  to  billion¬ 
aires. 

For  an  example  closer  to  home,  a  reader 
wrote  in  to  say  his  ISP  recently  began 
charging  him  USF  taxes  on  his  Internet 
connection  —  even  though  it’s  not  being 
used  for  voice  services,  and  competitive 
carriers  in  his  region  (including  AT&T,  SBC, 
MCI  and  XO  Communications)  don’t 
charge  USF  taxes  on  Internet  services.  After 
contacting  the  FCC  and  getting  nowhere, 
this  reader  concludes,  “It  makes  me  won¬ 
der  if  the  USF  hasn’t  outlived  its  usefulness. 
Basically  the  end  consumer  like  me,  small- 
business  owner,  [pays]  the  bill  for  large  cor¬ 
porate  America  in  addition  to  the  people 
that  the  USF  was  originally  supposed  to 
aid. . . .  Not  only  should  we  keep  an  eye  on 
the  carriers,  we  need  to  keep  an  eye  on  the 
FCC,  too.” 

Couldn’t  have  said  it  better  myself.  The 
USF  is  broken.  As  Tad  DeHaven,  columnist 
for  the  conservative  magazine  National 
Review,  puts  it:  “Most  free-market  advo¬ 
cates  have  long  considered  the  USF  to  be 
little  more  than  an  inefficient  tax  and 
redistribution  scheme.  .  . .  Why  should  a 
single  mother  in  New  York  City  have  to 
subsidize  phone  service  for  a  wealthy 
rancher  living  in  Montana?” 

And  the  FCC  has  fallen  down  on  the  job. 
Its  failure  to  effectively  oversee  how  the 
$14  billion  USF  collected  in  the  past  eight 
years  from  American  businesses  has  been 
spent  amounts  to  nothing  less  than  gross 
negligence.  Or  as  Rep.  James  Greenwood 
(R-Pa.), chairman  of  the  House  Energy  and 
Commerce  Committee’s  oversight  subcom¬ 
mittee,  said  last  year,  FCC  oversight  is 
“benign  neglect  at  best  and  reckless  indif¬ 
ference  at  worst.” 

Amen,  brother. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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SMBs  driving  demand  for  VoIP  services 


■  BY  JIM  DUFFY 

Large  corporations  have  been  slow  to  embrace  host¬ 
ed  or  network-based  VoIP  services  despite  the  hype 
about  lower  costs  and  compelling  applications. 
Today  most  of  the  momentum  in  business  VoIP  ser¬ 
vices  —  customer  premises  equipment-based  managed 
PBX,  hosted  IP  Centrex  and  network/softswitch-based 
voice  VPN  —  is  in  the  small-to-midsize  business  (SMB) 
market.  And  of  those  services,  hosted  IP  Centrex  is  the 
most  sought  after  because  smaller  companies  were  tra¬ 
ditionally  TDM  Centrex  customers. 

Similarly,  because  large  corporations  traditionally  have 
had  their  own  PBX  networks,  a  managed  or  unmanaged 
IP  PBX  service  is  most  appealing  to  them,  analysts  say  As 
proof,  they  point  to  the  large  managed  IP  PBX  contracts 
recently  awarded  by  Ford,  Bank  of  America,  Boeing  and 
Merrill  Lynch. 

“Hosted  is  primarily  SMBs  . . .  that  have  primarily  been 
Centrex  customers,”  says  Will  Stofega,an  analyst  at  IDC. 
“The  other  thing  we’re  seeing  is  this  managed  PBX  ser¬ 
vice,  especially  in  larger  implementations.” 

MCI  officials  point  out  that  there  are  a  lot  more  SMBs 
than  there  are  large  corporations,  so  it  only  makes 
sense  to  target  the  largest  number  of  potential  cus¬ 
tomers.  Smaller  businesses  also  are  more  like  con¬ 
sumers  when  it  comes  to  making  telecom  services 
decisions  and  purchases,  while  large  accounts  have  a 
much  longer  sales  cycle. 

“You’re  not  going  to  the  CTO  to  try  to  swap  out  a 
phone  system,”  says  Jeff  Ahlquist,  Covad  Communica¬ 
tions  vice  president  for  product  development.“It’s  a 
much  quicker  sell.” 

M^jor  growth  expected 

That  could  be  why  IP  telephony  accounts  for  a  bit  more 
than  10%  of  installed  voice  lines  in  U.S.  business,  accord¬ 
ing  to  market  researcher  In-Stat. 

SMBs  are  also  a  chief  reason  the  U.S.  market  for  hosted 
VoIP  services  will  grow  from  $5.3  million  to  $4.3  billion 
between  2003  and  2008,  according  to  IDC.  Meanwhile, 
worldwide  sales  of  IP  PBXs  will  grow  from  $3.9  billion  to 
$8.9  billion  between  2005  and  2009,  according  to  IDC. 

The  market  is  evolving  this  way  because  large  corpora¬ 
tions  with  entrenched  and  knowledgeable  IT  depart¬ 
ments  and  scores  of  custom  applications  are  reluctant  to 
outsource  their  VoIP  infrastructures.  They’d  rather  have  a 
service  provider  manage  the  routers  and  IP  infrastructure 
than  dialing  plans,  call  routing  and  administration  of  very 
specific  feature  sets. 

Smaller  customers  don’t  have  the  wherewithal  to  staff 
an  internal  service  provider,  so  they  would  rather  farm  it 
all  out  to  a  hosted  service,  which  is  essentially  what  they 
have  been  doing  up  to  now  with  Centrex. 

And  for  all  of  the  hype  surrounding  voice/data  conver¬ 
gence  and  all  of  the  nifty  applications  it  will  spawn,  the 
real  driver  behind  VoIP  service  for  businesses  is  the  same 
driver  for  any  business  —  money 
“What’s  driving  this  market?  It’s  cost  reduction,”  Stofega 
says.“It’s  not  find  me/follow  me,  or  visual  voice  e-mail  or 
things  like  that.  It’s  not  increasing  worker  productivity. 
Those  things  don’t  really  hold  water  right  now? 

Somebody  should  tell  that  to  Notre  Dame. The  Indiana 


university  is  going  to  pilot  SBC’s  PremierServ  HIPCS  ser¬ 
vice  next  week  on  220  Cisco  7960  and  7940  IP  phones.  If 
all  goes  well,  the  school  could  turn  up  5,000  HIPCS  lines 
over  the  next  few  years. 

The  chief  motivator  for  Notre  Dame  is  what  it  believes  is 
the  imminent  obsolescence  of  Centrex.  But  right  behind 
that  are  the  applications  —  unified  messaging,  find  me/ 
follow  me,  a  Web  portal  to  create  custom  dialing  plans 
and  integration  with  Cingular  Wireless  services,  and  basic 
Centrex  features  such  as  five-digit  dialing. 

“Cingular  is  going  to  play  a  very  prominent  role  in  our 
voice  services,”  says  Dewitt  Latimer,  the  university’s  deputy 
CIO  and  CTO.  Latimer  expects  to  retire  up  to  3,000  Cen¬ 
trex  lines  in  Notre  Dame  dormitories  because  most  stu¬ 
dents  use  cellular  phones. 

“The  tightness  between  the  SBC  HIPCS  deployment 
and  the  Cingular  infrastructure  is  an  attractive  proposi¬ 
tion,”  he  says. 


Latimer  says  the  cost  savings  from  VoIP  will  come  years 
later,  when  price  declines  in  traditional  Centrex  bottom 
out  while  those  for  HIPCS  keep  plummeting.  Businesses 
can  potentially  shave  up  to  50%  or  more  from  their  tele¬ 
com  expenses  by  using  a  VoIP  service,  analysts  note. 

Resun  Leasing  in  Dulles, Va.,  realized  this  kind  of  savings 
in  just  four  months. The  $200  million  prefabricated  modu¬ 
lar  building  company  opted  for  “virtual  PBX”  hosted  VoIP 
service  from  MCI  —  something  akin  to  IP  Centrex  —  to 
take  advantage  of  free  on-network  calling  between  35 
sites,  says  Resun  CIO  Emmanuel  Ramos. 

“Fifty  percent  of  all  long-distance  that  was  charged  was 
inter-company  calling,”  Ramos  says.“With  VoIRthat  was 
something  we  could  immediately  take  care  of.” 

But  users’  mileage  might  vary. 

The  total  cost  of  ownership  (TCO)  of  VoIP  might  not  be 
compelling  enough  to  make  a  wholesale  switch  from  tra¬ 
ditional  circuit-switched  TDM  services,  according  to 
Sprint.  Sprint  offers  businesses  a  managed  IP  PBX  service 
as  well  as  voice  support  on  its  IP-enabled  SprintLink 
frame  relay  service.  The  carrier  also  offers  Voice  VPN  and 
other  enterprise  VoIP  services  on  a  customer-specific 
basis, says  Doreen  Weiland, Sprint’s  director  of  integrated 
voice  services  and  product  management. 

If  users  don’t  factor  in  all  of  the  integration  and  cus¬ 


tomized  engineering  that  VoIP  services  require,  they  could 
blow  their  own  TCO  expectations  off  the  charts,  she  says. 

“Customers  really  need  to  take  a  look  at  compression 
and  voice  coder  technologies, ’’Weiland  says.“If  the  hosted 
offering  uses  the  standard  [voice  coder]  and  no  add¬ 
itional  compression  of  headers  for  your  voice  traffic,  you 
find  that  you  can’t  really  meet  [vendor]  total  cost  of  own¬ 
ership  promises.” 

Even  though  compression  might  be  required,  squeezing 
the  headers  requires  a  lot  of  processing  power  and  the 
associated  delays. 

“You  may  find  that  when  you  do  the  cost  analysis,  the 
processing  power  and  the  delay  incurred  by  that  for  the 
multiple  hops  [in  the  network]  really  does  not  actually 
benefit  you  in  going  to  VoIR’  Weiland  says.“This  is  where 
we  find  the  customers’  needs  have  not  really  resulted  in  a 
cookie  cutter  [offering] ,  especially  in  the  hybrid  [TDM 
and  VoIP]  environment.” 

“Customers  are  constantly  competing  with  the  eco¬ 
nomics  of  the  TDM  infrastructure,” she  adds.“It’s  not 
enough  just  to  say  you  have  voice  over  IP  —  you  have  to 
prove  the  economics  of  it  competing  with  the  TDM 
infrastructure.” 

Proving  the  economics  is  why  VoIP  services  have  taken 
off  faster  with  SMBs:  smaller  implementations  involve  less 
risk  and  more  immediate  and  recognizable  returns,  says 
John  Barnes,  director  of  voice  applications  at  MCI. 

“The  early  uptake  has  been  in  smaller  locations  or  in 
smaller-scale  implementations  within  enterprises  so  that 
they  can  ensure  that  their  TCO  reductions  are  realized,” 
Barnes  says.“Clearly  in  the  SMB  space,  they’ve  been  able 
to  take  that  with  a  lot  less  risk  because  the  TCO  amounts 
that  they’re  looking  at  are  substantially  smaller.  Enterprise 
customers  have  been  slower  to  migrate,  until  recently  sim¬ 
ply  to  mitigate  the  risk  and  ensure  that  their  own  analysis 
of  the  TCO  reductions  are  accurate.” 

Evidence  of  change 

However,  Barnes  adds  that  MCI  has  seen  an  uptick  in 
demand  from  larger  accounts  for  MCI’s  Advantage  VoIP 
and  Private  IP  voice  VPN  services  over  the  past  six  to 
eight  months.  MCI  will  further  stoke  that  demand  later 
this  year  by  enhancing  MCI  Advantage  with  features  that 
foster  interoperation  with  the  leading  IP  PBX  vendors 
Those  features  include  SIP  trunking:  and  other  network- 
based  and  hosted  features  that  could  potentially  displace 
TDM  and  IP  PBXs,  such  as  local  and  long-distance  gate¬ 
way  capabilities,  autoattendant,  number  portability  emer¬ 
gency  services  and  call  blocking. 

The  short-term  hosted  VoIP  opportunity  with  large  cor¬ 
porations  is  in  those  that  are  distributed,  notes  Covad’s 
Ahlquist.  Hosted  services  enable  these  businesses  to  have 
the  same  services  features  across  the  organization,  regard¬ 
less  of  where  the  location  is,  he  says. 

Ahlquist  says  large  companies  also  will  benefit  from 
hosted  VoIP  in  the  long  term. 

“As  larger  enterprises  become  more  comfortable  with 
hosted  providers  being  able  to  service  their  needs,  1  think 
it  will  be  a  natural  migration  into  that,” he  says.“But  the 
reality  of  the  market  is  a  lot  of  the  larger  companies  like 
to  have  that  premises-based  equipment.They’re  comfort¬ 
able  with  it.  Hosted  IP  will  be  used  in  very  specific  areas 
where  it  makes  most  sense.”  ■ 
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BlueRoam  offers  SOHO  VPN  service 


■  BY  TONI  KISTNER 

Robert  Brown  was  caught  in  a  time  warp 
—  working  for  a  modern  distributed  orga¬ 
nization  without  remote  access  to  the  net¬ 
work.  A  contradiction  unheard  of  in  large 
companies  is  common  in  small  firms, 
which  make  do  with  what  they  can  man¬ 
age  and  afford. 

The  vice  president  of  operations  for 
Compro  Mortgage  manages  the  company 
network  from  his  home  in  Florida;  10  loan 
officers  work  full  time  from  home,  also  vis¬ 
iting  the  six-person  Cleveland  main  office 
only  to  pick  up  mail.  The  company  has 
just  merged  with  a  tax  preparation  firm 
with  120  branches  in  18  states, so  Brown  is 
gearing  up  to  train  40  new  loan  officers  on 
the  mortgage  management  system,  Ellie 
Mae  Encompass. 

Yet  none  of  Compro’s  loan  officers 
could  access  the  main  network  from 
their  homes.  Brown  has  been  spending 
two  weeks  each  month  in  the  Cleveland 
office  working  to  integrate  systems  and 
train  new  users.  Without  connectivity, 
Encompass  sat  on  the  office  network, 
and  full  versions  of  the  program  sat  on 
each  loan  officer’s  computer.  At  the  end 
of  the  day,  loan  officers  would  e-mail 
their  updated  files  via  secure  remote  file 
transfer  to  the  Cleveland  office,  where 
someone  would  manually  update  the 
server. 

Brown  knew  he  needed  a  VPN,  but  was 
wary  of  the  cost  —  and  of  his  IT  consul- 
tant.“You  know  these  guys.They  keep  you 
dependent.  They  don’t  train  you  enough, 
and  take  the  software  disks  with  them  so 
you  have  to  call  for  everything,”  he  says. 

He  wanted  a  VPN  that  was  inexpensive 
and  that  he  could  manage  remotely.  When 
a  search  pulled  up  BlueRoam,  he  says  he 
thought  it  was  a  joke. 


BlueRoam’s  SSL  VPN  managed  service 
for  small  business  costs  as  little  as  $50  per 
month  for  two  concurrent  users;  $150  per 
month  for  10;  $200  per  month  for  25  con¬ 
current  users,  which,  depending  on  usage, 
could  serve  as  many  as  125  people. 

BlueRoam  bills  the  service  as  being  sim¬ 
ple  enough  for  non-technical  users  to  set 
up  and  maintain,  but  because  it’s  a  man¬ 
aged  service,  support  is  built  into  the 
monthly  cost.  Brown  had  trouble  config¬ 
uring  BlueRoam  to  work  with  his  desktop 
firewall,  so  he  handles  his  users’ setups  to 
ensure  they  go  smoothly 

“Now  I  can  administer  the  whole  thing 
from  my  home  in  Florida,  train  all  the  new 
users  coming  onboard  and  finally  use 
Encompass  as  it  was  meant  to  be  used,  on 
a  live  network,”  he  says.  He  expects  to  have 
all  his  loan  officers  up  and  running  by  the 
end  of  March. 

To  set  up  BlueRoam,  you  download  a 
software  “hub”  onto  a  server  —  any 
machine  that  will  be  on  all  the  time,  even 
a  workstation.  Click  the  “add  users”  button 
and  input  the  email  address  of  each  user. 
The  system  sends  users  a  link  to  where 
they  download  the  BlueRoam  client. 
Once  set  up,  users  can  access  all  network 
resources  just  like  a“reaI”VPN,over  a  128- 
bit  AES-encrypted  tunnel. 

The  VPN  hub  and  client  work  on 
Windows  XP  Pro,  Windows  2000 
Professional  and  Server,  and  Windows 
2003  Server. The  VPN  client  also  works  on 
Linux  2.4  and  above. 

South  Smoke,  a  company  that  imports 
hookahs  from  Syria,  Egypt  and  China,  is 
using  BlueRoam  to  connect  its  employees 
—  scattered  in  Miami,  Atlanta  and  parts  of 
California  —  directly  to  South  Smoke’s 
CRM  application,  also  for  the  first  time. 
“Now  we  can  respond  to  customers  more 
quickly,  edit  purchase  orders  and  update 
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inventor^’  says  founder  Brennan  Appel. 

In  Indianapolis,  the  systems  administra¬ 
tor  of  a  small  financial  services  firm  was 
suffering  similar  pains.Two  years  ago,  the 
administrator  (who  asked  not  to  be 
named)  bought  a  sub-$  1,000  security 
appliance  primarily  to  provide  remote 
access  to  20  of  his  100  users.  But  the  box 
was  possessed;  it  would  randomly  dis¬ 
connect  people,  work  fine  for  some 
users  but  not  for  others  with  no  rhyme  or 
reason.  Eventually,  many  people  just 
stopped  using  it. 

“After  a  year  and  a  half  of  people  telling 
me  ‘I  can’t  get  in’  it  was  time  to  find  some¬ 
thing  else,”  he  says.  “I  wanted  a  managed 
service.  I  didn’t  want  to  have  to  deal  with 
hardware.  I  was  already  too  busy  explain¬ 
ing  why  the  stuff  we  already  bought  isn’t 
doing  what  I  said  it  would.” 

After  browsing  high-priced  managed 
VPN  services  from  companies  such  as 
Qwest  and  AT&T,  he  found  BlueRoam. 
“Keep  in  mind,  I  didn’t  have  a  budget  for 


this.  I’d  already  spent  the  money  allotted 
for  a  VPN  on  the  security  appliance,”  he 
says. 

He  started  on  the  low  end  with  two  con¬ 
current  user  services.“I  hope  once  people 
here  see  it  work,  the  boss  will  put  it  into 
the  budget.  1  said  to  them,  ‘Look,  this  one 
works.  Do  you  want  the  convenience  or 
not?’”  he  says. 

Brown’s  users  access  primarily  e-mail 
and  Encompass.  But  the  system  adminis¬ 
trator  is  using  a  thin-client  strategy  to  cut 
down  support  costs.  His  users  access  all 
their  applications  on  the  server  via 
Microsoft  Terminal  Services  running 
over  a  BlueRoam  connection.  This  way, 
he  doesn’t  have  to  worry  about  updating 
and  maintaining  software  on  individual 
PCs,  nor  is  he  concerned  with  people 
accessing  the  network  from  their  own 
home  PCs. 

Like  Brown,  the  system  administrator  set 
up  his  users  himself  and  hit  one  snag. 
Because  the  BlueRoam  client  requires 
Java  to  work  with  Linux  clients,  it  down¬ 
loads  the  newest  version  of  the  Java  client 
to  the  desktop.  But  one  user  required  an 
earlier  Java  version  to  run  a  specific  appli¬ 
cation,  which  the  BlueRoam  VPN  client 
overwrote,  disabling  the  application.  And 
because  the  system  administrator  has 
some  users  on  dial-up,  he’s  fielding  some 
performance  complaints. 

“Some  people  complain  about  perfor¬ 
mance  no  matter  what,”  he  says.  “But  for 
dial-up,  it  can  take  30  minutes  to  make  a 
connection.  But  when  I  connect  over 
broadband,  it  takes  30  seconds.”  ■ 
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Takes 


■  Actiontec  Electronics  has 

shipped  new  HomePlug  network 
equipment.  The  Actiontec  Ether¬ 
net  Adapter  Kit  contains  two 
adapters,  one  for  the  power  outlet 


near  the  router,  the  other  for  the 
power  outlet  near  the  PC.  Data 
rates  are  14M  bit/sec,  and  56-bit 
DES  encryption  configures  auto¬ 
matically.  The  Wireless  Kit  ex 
tends  802.1 1g  networks;  plug  the 
adapter  in  near  the  router,  then 
plug  the  access  point  in  an  area 
where  the  wireless  signal  doesn't 


reach.  The  company  says  devices 
within  a  150  feet  range  of  the  ac¬ 
cess  point  will  connect.  The  Ether¬ 
net  Kit  costs  $130;  the  Wireless  Kit 
costs  $170. 

■  Smart  Online  this  week  debuted 

OneBiz  Conductor,  an  ERP  plat 
form  for  small  companies  with  up  to 


500  workers.  The  product  provides  e 
dashboard  to  integrate  manage¬ 
ment  of  financial,  legai,  human 
resources,  CRM  and  other  enter 
prise  applications  using  an  open 
standards  framework.  OneBiz 
Conductor  facilitates  data  exchange 
between  these  different  applica¬ 
tions.  Pricing  starts  at  about  $30 
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Constant,  uninterrupted  access  to  critical  data,  systems  and  people.  Even  when  something  goes  wrong,.  That’s  Information. Availability.  And  one  of 
ffcAthe.best  ways  to  virtually  guarantee  Information  Availability  is  by  running  your  production  systems  out  of  our  facilities.  You  manage  your  applications 
•3A  and  data' while  SunGard  Availability  Services  helps  to  ensure  that  the  infrastructure  and  technical  support  you  need  .1$  always  on.  Sun  Gary  can 
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a  lower  operational  cost  for  production.  Plus  we  have  over  60  state-of-the-art  hardened  facilities  with 
network,' power  and  equipment  redundancies  that  are  unparalleled.  For  a  free  copy  of  the  IDC 
••  White  Paper:  "Ensuring  Information  Availability”  visit  www.availability.sungard.com/idcwp. 
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BFD  spots  router  forwarding  failures 


HOW  IT  WORKS 


Bidirectional  Forwarding  Detection 

The  BFD  protocol  detects  errors  in  forwarding  paths 
and  can  be  used  to  switch  traffic  to  alternate  routes, 
interfaces  or  even  entire  networks. 


PBX  or  media 
gateway 


Ethernet 

infrastructure 


a 


ill 


Edge  router  1 

IP  core 

Edge  router  2 


■  BY  MATT  (COLON 

IP  networks  were  not  designed  to  repair 
failures  in  sub-second  intervals,  but  appli¬ 
cations  such  as  VoIP  increasingly  are  dri¬ 
ving  the  need  for  rapid  failure  detection 
and  correction.  Traditional  routing  infra¬ 
structure  has  been  limited  in  meeting  the 
failure-resolution  requirements  of  real-time 
applications  such  as  voice. 

A  new  protocol,  Bidirectional  Forwarding 
Detection  (BFD),  is  helping  to  overcome 
these  limitations  and  increase  the  speed  of 
failure  detection  and  recovery  An  IETF 
draft  standard,  BFD  provides  a  simple,  light¬ 
weight  and  abstract  method  of  detecting 
the  ability  of  links  or  systems  to  forward 
traffic. 

Multilayer  detection 

BFD  is  sufficiently  abstracted  from  under¬ 
lying  transport  technologies  so  that  it  can 
detect  failures  at  many  layers.  It  can  be 
used  to  monitor  the  validity  of  Ethernet 
networks,  Multi-protocol  Label  Switching 
(MPLS)  label-switched  paths,  Generic 
Routing  Encapsulation  or  IPSec  tunnels,  or 
virtually  any  other  type  of  transport. 

At  its  heart,  BFD  is  a  high-speed  stand- 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


©  PBX  or  media  gateway  establishes  peer 
relationship  with  router  in  IP  core.  BFD  packets 
are  monitored  at  predetermined  intervals. 


alone  hello  protocol  (similar  to  those  used 
in  routing  protocols  such  as  Open  Shortest 
Path  First  or  Intermediate  System-to- 
Intermediate  System  that  can  be  associ¬ 
ated  with  a  link,  interface,  tunnel,  route  or 
other  network  forwarding  component). 

BFD  neighbor  systems  negotiate  a  peer 
relationship,  and  each  monitors  the  flow  of 
BFD  packets  coming  from  the  other  sys¬ 
tems  at  the  negotiated  rate.  This  can  be 
specified  in  sub-millisecond  increments. 

When  a  peer  system  misses  receipt  of  a 
certain  preconfigured  number  of  packets,  it 
infers  the  failure  of  the  BFD-protected  soft¬ 
ware  or  hardware  infrastructure,  whether  it 
be  a  label-switched  path,  a  tunnel  of  some 
other  type  or  a  switched  Ethernet  network. 

BFD  is  implemented  in  the  control 


©  Failure  in  intervening  ©  Router  and  PBX/gateway 
Ethernet  network  causes  switch  traffic  to  alternate 
interruption  in  BFD  packets.  redundant  route. 


plane  of  routers  and  other  systems.  A  net¬ 
work  failure  detected  by  BFD  can  be  cor¬ 
rected  by  the  forwarding  plane  (for 
instance,  in  MPLS  fast  reroute),  or  by  the 
control  plane  (for  example,  when  BFD  is 
used  to  speed  up  the  operation  of  routing 
protocols). 

Simple  solution 

The  simplicity  of  BFD  makes  it  possible 
to  use  it  in  some  applications  that  have 
never  had  an  adequate  solution  for  for¬ 
warding  failure  detection.  Consider,  for 
example,  an  application  wherein  a  VoIP 
media  gateway  is  connected  to  an  IP  core 
over  a  switched  Ethernet  network  (see 
graphic). 

This  type  of  application  traditionally  pre¬ 


sented  two  challenges: 

•  Currently  the  media  gateways  do  not 
maintain  a  peer  relationship  at  the  IP 
layer,  so  there  is  no  network-visible  means 
of  detecting  failures  between  it  and  the  IP 
edge  router. 

•  Ethernet  has  no  way  of  notifying  a  host 
or  router  that  a  failure  has  occurred  in  a 
distant  part  of  a  switched  network.  Rapid 
link  failure  detection  is  important  for  high 
availability  of  VoIP  networks,  but  it  is  not 
easy  to  rapidly  detect  link  failure  when  an 
intervening  switch  is  present  between 
host  and  router. 

Media  gateway  component 

BFD  is  simple  enough  to  be  included  in 
media  gateway  platforms  and  in  this 
example  can  be  used  to  maintain  con¬ 
nectivity  between  the  gateway  and  its 
edge  routers. 

Failure  of  the  intervening  Ethernet  seg¬ 
ment  or  segments  will  be  detected  by 
BFD,  which  lets  the  gateway  and  router 
switch  to  alternate  redundant  paths.  Once 
a  failure  is  detected  and  verified,  BFD  can 
trigger  the  resolution  mechanisms  in  all 
routing,  transport  and  tunneling  systems. 

Because  its  mission  is  simple  and 
abstract,  BFD  can  concentrate  on  finding 
forwarding  faults  as  quickly  as  possible, 
and  thereby  let  voice,  video  and  other 
demanding  services  get  the  forwarding 
service  they  need  to  be  successful. 
Protocols  such  as  BFD  are  letting  service 
providers  deliver  VoIP  and  other  real-time 
services  over  IP  with  the  levels  of  reliabil¬ 
ity  and  availability  customers  demand. 

Kolon  is  senior  technical  solutions  man¬ 
ager  for  Juniper.  He  can  be  reached  at 
mkolon@juniper.net. 


Ask 


Dr.  Internet  By  Steve  Blass 

You  recently  (www.nwfiision.com,  DocFinder: 
6129)  recommended  using  Windows  Internet  Con¬ 
nection  Sharing  to  connect  a  home  network  with 
wireless  Windows  XP  and  Macintosh  systems  to 
the  Internet  Can  you  use  the  Mac  as  the  network 
address  translation  gateway  in  such  a  network? 

To  set  up  a  Macintosh  as  a  NAT  server  and  Inter¬ 
net  gateway  in  a  wireless  net,  you  can  use  Apple’s 
AirPort  software  to  build  the  wireless  gateway 


and  connect  to  the  Internet  through  the  Mac's 
wired  Ethernet  connection.  With  Mac  OS  9,  config¬ 
ure  the  AirPort  Base  Station  using  the  same  pro¬ 
gram  used  to  set  up  the  wireless  card  by  choosing 
“Software  Base  Station"  under  "AirPort"  in  the 
Apple  menu.  On  Mac  OS  10.2  and  higher,  open  the 
System  Preferences  menu,  choose  "Internet  & 
Network  Sharing,"  then  “Internet,"  and  click  the 
start  button  to  turn  on  Internet  sharing  through 
the  wireless  connection.  On  dual-boot  OS  9/X  sys¬ 


tems,  you  can  set  up  the  base  station  in  OS  9  arid 
then  use  it  in  OS  X.  Either  way,  the  gateway  Mac 
can’t  connect  to  other  wireless  networks  because 
it  is  now  an  access  point.  You  need  a  wired 
Internet  connection  or  a  second  wireless  card  to 
serve  as  the  shared  Internet  connection. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr  internet @ 
changeatwork.  com. 
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Proxies:  Theory  and  serious  practice 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


This  week  we  continue  with  proxies,  a 
topic  we  started  to  explore  last  week. 
Essentially  a  proxy  server  acts  as  a 
router  of  application-level  protocol  ex¬ 
changes.  Additionally,  proxies  provide  net¬ 
work  address  translation,  which  is  useful  as 
it  hides  the  details  of  the  internal  network. 
This  masking  also  potentially  provides 
anonymity  to  the  client  (exactly  how 
anonymous  the  client  is  depends  on  the 
client’s  configuration). 

Forward  proxying,  the  protocol-level  re¬ 
laying  of  internal  network  requests  to  exter¬ 
nal  hosts,  can  require  the  client  application 
to  specifically  support  proxy  services  or  it 
can  be  transparent  to  the  application. 

Reverse  proxying  routes  external  requests 
from  remote  computers  into  the  LAN  rather 
than  the  internal  requests  from  local  com¬ 
puters  out  of  the  LAN.This  provides  a  much 
more  powerful  DMZ  solution  than  regular 
routers  and  firewalls  can  provide. 

Because  proxies  handle  data  at  the  proto¬ 
col  level  rather  than  the  packet  level,  they 


can  monitor  and  analyze  entire  protocol 
exchanges  and  thereby  provide  much 
more  detailed  filtering,  monitoring,  security 
and  auditing  capabilities  than  can  security 
subsystems  that  aren’t  aware  of  protocol- 
based  transactions.This  means  undesirable 
content  such  as  specific  text  and  data  types 
(executables,  Flash  content,  ActiveX  con¬ 
trols)  that  you  don’t  approve  can  be  filtered 
out  along  with  viruses  and  other  malware. 

Proxy  servers  can  be  simple  add-on  soft¬ 
ware  such  as  the  product  we  discussed  a 
few  weeks  ago,  or  they  can  be  complex,  all¬ 
singing,  all-dancing  hardware-based  offer¬ 
ings  such  as  the  Blue  Coat  ProxySG  from 
Blue  Coat  Systems  (www.bluecoat.com). 

The  ProxySG  is  an  appliance-style  device 
that  handles  Web,  FTP  and  reverse  proxy 
services,  and  content  management  and  fil¬ 
tering,  spyware  prevention,  Web  virus  scan¬ 
ning,  instant-messaging  control,  peer-to- 
peer  service  control  and  bandwidth  man¬ 
agement.  In  other  words,  this  isn’t  just  a 
proxy  system  but  an  entire  suite  of  proxy- 
based  content  control,  network  security 
and  performance  management  services. 

The  ProxySG  appliances  are  not  for  the 
faint  of  heart.  They  have  their  own  operat¬ 
ing  system,  SGOS,  which  provides  a  com¬ 
plex  Web-based  management  interface 
along  with  a  more  powerful  command-line 


interface  (CLI).  Some  features  can’t  be  set 
up  through  the  Web  GUI  —  a  pity  because 
the  CLI  is  hard  work. 

To  see  how  complicated  this  system  is, 
just  take  a  look  at  the  Configuration  and 
Management  Manual,  which  runs  to  869 
pages;  the  Command  Line  Interface  Refer¬ 
ence  is  a  relative  lightweight  at  228  pages; 
and  the  Content  Policy  Language  Guide 
weighs  in  at  390  pages.  The  SGOS  3.2.x 
Upgrade  Guide,  which  wraps  up  the  docu¬ 
mentation,  is  a  mere  32  pages. 

We  explored  the  ProxySG  400  quite 
deeply  but  we  will  be  the  first  to  admit  that 
we  were  overwhelmed  by  the  scale  of  the 
product,  and  given  the  limited  time  avail¬ 
able,  there  were  features  we  simply  didn’t 
have  time  to  test. That  said,  the  features  we 
explored  showed  us  that  this  is  a  first-class 
piece  of  engineering. 

Basic  setup  is  reasonably  simple  and  con¬ 
figuration  options  abound.  We  particularly 
liked  the  Visual  Policy  Manager,  a  GUI  that 
lets  you  define  Web  access  and  resource 
control  policies  without  having  to  wrestle 
with  Content  Policy  Language  or  having  to 
manually  edit  policy  files. 

The  ProxySG  also  can  provide  useful  IT 
functions,  such  as  forcing  the  display  of  a 
splash  page  (“We  are  watching  where  you 
go  . . .”  or  “System  maintenance  from  2  to  3 


p.m.  today”)  that  is  presented  before  users 
receive  the  contents  of  their  HTTP  requests. 
You  even  can  configure  the  warning  to 
appear  only  once  a  day  for  any  given  user. 

Unfortunately  you  can  only  set  up  this 
feature  using  the  CLI  so  it  involves  lots  of 
arcane  commands,  which  means  you’ll 
want  to  automate  the  process  if  you  plan  to 
do  this  routinely 

Another  powerful  feature  of  the  ProxySG 
is  its  caching.  Blue  Coat  says  that  up  to 
60%  of  end-user  requests  for  content  are 
redundant,  which  means  large  organiza¬ 
tions  can  reclaim  a  significant  amount  of 
Internet  connectivity  bandwidth.  The 
ProxySG  also  supports  policy-based  band¬ 
width  limits. 

The  bottom  line  is  that  the  ProxySG  archi¬ 
tecture  is  powerful  and,  compared  with 
products  of  similar  technical  heft,  the 
SG400’s  $4,800  price  tag  looks  good.  When 
you  move  up  to  the  big  ProxySG  models, 
such  as  the  $40,000  ProxySG  8000, you  have 
a  device  capable  of  handling  all  these  ser¬ 
vices  for  enterprise-sized  operations  at  an 
excellent  price/performance  ratio. 

Exchange  your  protocols  with  gearhead 
@gibbs.com.  PS.  We  have  a  blog /  That’s 
right  —  Gearblog  ( www.nwfusion.com/ 
weblogs  /gearblog)  is  waiting  for  you. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 
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Sony  Ericsson  melds  Walkman  with  a  cell 
phone 

If  the  last  few  years  were 
the  camera  phone  years, 
we  could  see  the  dawn¬ 
ing  of  the  music  phone 
years  pretty  soon.  Sony 
Ericsson  last  week 
launched  the  W800,  a 
Walkman-branded 
mobile  phone,  that  can 
let  users  listen  to  music, 
make  phone  calls,  and 
take  photos  and  video  all 
with  one  device.The  W800 
is  scheduled  to  be  released 
in  the  third  quarter  of  this  year, 
and  pricing  has  not  been 
announced. 

The  W800  includes  a  2- 
megapixel  digital  camera  with 
autofocus,  a  picture  light  and 
active  lens  cover;  a  digital  music 

Sony  Ericsson  s  W800  player  that  can  hold  about  150 
Walkman-brand mobile  .  ...  ...DO  ,  , 

phone  lets  users  listen  music  flles  (MP3  and  ^  for' 
to  music,  make  phone  mat)  on  an  included  512M-byte 

calls  and  take  photos.  Memory  Stick  Duo  card;  and  a 


battery  that  promises  up  to  30  hours  of  life  (only  15 
hours  if  the  phone  part  is  turned  on).  The  phone  will 
work  on  900/1 800/ 1900-MHz  Europe  wide-area  wireless 
networks. 

logear  merges  USB  hub,  card  reader 

My  desk  at  the  moment  includes  a  media  card  reader 
attached  to  a  USB  hub  that  is  attached  to  my  docking 
station.  Lots  of  cables  and  devices  are  litter¬ 
ing  the  desktop,  which  means  I  was 
happy  to  hear  about  a  new  device  from 
logear.  The  company  last  week 
launched  a  USB  2.0  hub  and  card  read¬ 
er  that  merges  the  hub  with  the  media 
card  reader.  Priced  at  about  $50,  the 
device  includes  six  USB  2.0  ports  and  a 
12-in-4  card  reader  (four  slots,  12  media 
cards  supported)  that  lets  you  transfer 
^  files  from  your  media  card  onto  your 

PC  or  Macintosh.  The  device  works 
;  _  with  Mac  OS  8.6  to  9.x  and  OS  X;  and 

!$.  Windows  98  Second  Edition,  ME, 

2000  and  XP  systems. 

With  six  USB  2.0  ports  and  four  card  reading 
ports,  logear's  USB  hub  and  media  card 
reader  might  be  the  key  to  a  neater  desktop. 

Latest  Toshiba  projector  could  appeal  to  all  types 

Toshiba’s  digital  products  division  announced  last 
week  the  TDP-S25U  projector,  aimed  at  educators, 
mobile  workers,  corporate  users,  and  small  and  mid¬ 
size  businesses,  with  a  $1,000  price  point. 

The  projector  uses  digital  light  processing  technolo¬ 
gy  to  produce  images  with  1,800  lumens  of  brightness, 
a  2,000:1  contrast  ratio  and  native  800-by-600-pixel 
(SVGA)  resolution. The  TDP-S25U  includes  video  input 
and  output  options  such  as  composite  (RCA),  compo¬ 


nent  and  S-video.  It  weighs  6.6  pounds  and  includes 
features  such  as  one-touch  automatic  setup,  key¬ 
stone  correction  and  remote  control.  The  projector  is 
available  through  Toshiba’s  Web  site  (www.toshiba 
direct.com). 

Altec  Lansing  offers  XM  radio  speaker  system 

Altec  Lansing  recently  launched  a  home  speaker 
system  that  lets  XM  Radio  Roady  or  Ready  2  device 
owners  listen  to  their  satellite 
radio  service  in  a  home  set¬ 
ting.  The  MX5021 /Roady 
Home  Listening  Sys¬ 
tem  costs  about  $200 
and  pairs  a  three- 
piece  Altec  Lansing 
MX502 1  Powered 

Audio  System  with  a 
custom-built  dock 
for  the  Roady  receiv¬ 
er  and  antenna. 

The  bundle  in¬ 
cludes  two  desktop- 
size  satellite  speakers 
and  a  matching  sub¬ 
woofer  that  supports 
THX-certified  sound. 

The  docking  cradle 
includes  adjustment 
of  bass,  treble  and 

volume.  An  auxiliary  input  jack  in  the  back  of  the  sub¬ 
woofer  lets  users  connect  a  PC,  TV  or  DVD/CD/MP3 
player  (so  you  can  hook  up  your  iPod  to  the  speakers, 
as  well). 

The  package  is  available  now  and  can  be  bought  at  the 
Altec  Lansing  or  XM  Radio  Web  sites. 

Shaw  can  be  reached  at  kshaw@nww.com. 


Altec  Lansing  moves  XM  satellite 
radio  a  little  closer  to  home  with 
its  MX5G21/Roady  Home 
Listening  System. 


350+  Top  Exhibitors  on 
the  Exhibit  Floor  with 
8  Targeted  Technology 
Zones  and  Pavilions 

100+  Educational  Sessions, 
including  6  Comprehensive 
Conferences  Revolving  Around  6  Key 
Themes,  3  Special  Interest  Days 
and  36  Tutorials  and  Workshops 

6  Visionary  Keynotes 
by  Leading  Industry 
Executives 


Visionary  Keynotes 

John  Chambers 

President  and  Chief  Executive  Officer, 
Cisco  Systems 


Hossein  Eslambolchi 

President — AT&T  Global  Networking  Technology 
Services,  Chief  Technology  Officer  and  Chief 
Information  Officer,  AT&T 


Scott  Kriens 

■  Chairman  and  Chief  Executive  Officer, 
Juniper  Networks 


Sean  Maloney 

Executive  Vice  President 
General  Manager,  Mobility  Group, 
Intel 
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OH  TECHNOLOGY 

John  Dix 

Vendors 
bullish  on  grid 
computing 


At  the  recent  GlobusWorld  conference  on  grid  com¬ 
puting  in  Boston  we  hosted  a  panel  discussion  titled 
“Grid  and  the  Future  of  the  Network  Machine”  which 
featured  a  cross  section  of  vendor  speakers,  representatives 
from  Cisco,  HR1BM,  Intel,  Nortel  and  SAP 
The  conversation  was  far  reaching  but  a  handful  of 
points  stood  out  (see  www.nwfusion.com,  DocFinder:  6131, 
for  a  full  transcript).  One  concerned  whether  grid  intelli¬ 
gence  ultimately  would  migrate  into  the  network. 

Franco  Travostino,  director  of  advanced  technology  at 
Nortel,  said  intelligence  has  to  be  everywhere,  a  sentiment 
echoed  by  Cisco’s  Rob  Redford.vice  president  of  product 
and  technology  marketing:  “Intelligence  has  to  be  in  all  the 
layers,  in  upper  level  middleware  and  lower  middleware,  in 
the  network,  in  the  operating  system. The  issue  is  how  do 
we  make  the  different  layers  —  rather  than  having  an  air 
gap  between  them  —  how  do  we  move  them  together  so 
they  can  work  together  more  efficiently?” 

Blending  the  layers  is  necessary,  the  panelists  said,  if  grids 
are  to  achieve  their  true  promise.  Redford  said:“When  we 
talk  about  intelligent  networks,  we’re  talking  about  net¬ 
works  that  actually  participate  with  the  applications  and 
the  services.  Grid,  service-oriented  architectures,  Web  ser¬ 
vices  —  we  think  all  of  these  eventually  have  to  flow 
together  and  will  ultimately  change  the  architecture  of 
enterprise  networks.” 

David  Martin,  IBM’s  program  director  of  Internet  stan¬ 
dards  and  technology,  said:  “The  real  challenge  for  the 
industry  is  to  integrate  these  different  layers  under  a  com¬ 
mon  management  structure. The  solution  is  standards.  A  lot 
of  the  win  in  grid  is  not  necessarily  around  utilization  — 
it’s  cheap  to  buy  more  processors  and  storage.  The  win  is  to 
be  able  to  bring  up  a  new  application  quickly  and  effi¬ 
ciently  and  with  one  common  management  interface.” 

Vendors  are  counting  on  standards  to  ensure  their 
respective  grid  components  will  play  together.  Michael 
Feinberg,  vice  president  and  CTO  of  HP’s  Network  Storage 
Solutions,  said:  “The  industry  as  a  whole  is  moving  toward 
common  standards,  and  the  Globus  tool  kit  is  helping.” 

IBM’s  Martin  added:  While  some  vendors  talk  about  the 
Adaptive  Enterprise  and  others  talk  about  the  Dynamic 
Grid  Infrastructure, “if  you  dig  down  in  all  of  the  market 
speak  you  find  an  incredibly  common  set  of  things  that  are 
being  done.” 

And  what  of  grid-enabled  applications?  SAP’s  Alexander 
Gebhart,  development  manager  of  Netweaver.said  there 
are  a  lot  of  challenges,  but  the  company  is  well  beyond  the 
prototype  phase  and  readying  product  for  production.  He 
wouldn’t  comment  on  timing. 

— John  Dix 
Editor  in  chief 
jdix@nww.com 
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Reviving  Ma  Beil 

Regarding  the  story  “SBC/AT&T  seen  as  only  the  first 
act”  (www.nwfusion.com,  DocFinder:  6122):  Michi¬ 
gan  Bell  became  Ameritech,  which  in  turn  was 
bought  by  SBC.  So  for  those  of  us  in  Michigan,  SBC 
snapping  up  AT&T  is  tantamount  to  putting  Ma  Ball 
right  back  together  the  way  she  was.  I  can  in  no  way 
see  this  as  the  end  of  Ma  Bell  —  it’s  a  reconnecting 
of  the  separated  (divested)  companies. 

Geoffrey  Rarick 
Database/network  administrator 
Thoracic  &  Cardiovascular  Institute 
Lansing,  Mich. 

Merger  mantra 

Your  editorial  “The  last  turn  in  AT&T’s  twisted  fate” 
(DocFinder:  6123)  provides  a  brief  and  to-the-point 
sad  history  of  AT&T’s  entry  into  a  competitive  mar¬ 
ket,  after  nearly  a  century  as  a  regulated  monopoly 

The  problem  is  that  the  dumb  strategy  that  got 
AT&T  in  trouble  is  widely  taught  in  business  school, 
encouraged  by  Wall  Street  and  practiced  by  senior 
management  nearly  everywhere.  “Grow  the  busi¬ 
ness”  is  half  of  an  often  overly  and  badly  executed 
business  mantra  (“increase  profits”is  the  other  half). 

Is  there  a  time  and  place  where  the  mantra  is  use¬ 
ful?  Yes,  but  much  more  rarely  than  it  is  applied.  But 
because  mantras  are  meant  to  be  repeated  (al¬ 
though  this  should  be  done  while  keeping  eyes 
open  and  mind  engaged), we’ve  observed  the  merg¬ 
ers  of  IBM  and  Rolm,  HP  and  Compaq,  WorldCom 
and  everybody  and  so  on. 

Stephen  Wyman 
Network  specialist 
Texas  Department  of  Transportation 
Austin, Texas 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Not  all  selfishness 

Regarding  Mark  Gibbs’  BackSpin  column  “The  self¬ 
ish  ’Net  and  the  Big  One”  (DocFinder:  6124):  Many 
large  institutions,  especially  commercial  entities, 
might  be  totally  selfish,  but  not  everyone  is. 

I  have  been  on  the  Internet  since  1988.  The  use  of 
the  Internet  to  share  knowledge  and  tie  together 
people  was  a  primary  motivator  for  the  push  to 
expand  access  in  the  early  years. 

I  was  running  a  university  computer  system  and 
network  when  the  first  version  of  the  Mosaic  Web 
browser  became  available.  The  university  librarians 
and  IT  people  quickly  saw  the  power  of  the  new 
graphical  interface  to  the  Internet.  The  legislature 
and  state  institutions  put  up  the  money  and  individ¬ 
uals  put  in  their  time  and  energy  to  expand  Internet 
usage  far  beyond  the  universities  and  research  labs. 

My  memory  of  the  early  1990s  is  of  a  huge  out¬ 
pouring  of  energy  directed  at  expanding  the 
Internet  into  every  part  of  society  Most  of  us  did  not 
imagine  the  effect  the  commercial  use  of  the 
Internet  would  have  on  all  of  the  other  aspects,  but 
the  spirit  of  the  time  was  sharing  and  educating. 

We  have  not  gone  awayWe  are  still  here,  working  to 
keep  the  Internet  open  and  available.  We  are  not  as 
visible  as  eBay  or  Amazon.com,  but  they  need  us 
more  than  we  need  them.  If  the  Internet  goes  down 
for  a  few  weeks,  we  will  still  be  here  when  it  comes 
back  up.  Will  Amazon.com? 

My  personal  experience  is  that  the  people  who 
would  need  to  commit  the  money  to  fix  the  Inter¬ 
net’s  security  problems  think  their  golf  game  is  more 
important  than  the  “utilities”  that  underlie  the  boring 
part  of  their  business.  Think  about  how  many  back¬ 
up  power  generators  were  installed  after  the  last  East 
Coast  blackout.  If  the  Internet  goes  black  for  a  while, 
we  will  see  some  resources  committed  to  fix  at  least 
the  one  weakness  that  was  exploited  that  time. 

Conrad  Muller 
Juneau, Alaska 


More  online!  www.nwftjsion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder;  6121 
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STRATEGY  SESSION 

Jeff  Kaplan 

It  seems  like  nearly  every  IT/network  sup¬ 
plier  and  service  provider  is  adding  man¬ 
aged  services  to  its  portfolios.  Yet  almost 
every  supplier  and  service  provider  I  talk  to 
admits  that  selling  managed  services  has 
been  harder  than  expected.  Why  the  discon¬ 
nect?  Bad  packaging,  pricing,  positioning  and 

salesmanship. 

My  organization  defines  managed  services  as  a  set  of  turnkey  services 
that  assume  responsibility  for  the  deployment  and  ongoing  adminis¬ 
tration  of  specific  IT/network  functions.These  services  tend  to  be  deliv¬ 
ered  remotely  and  generally  are  packaged  and  priced  on  an  annual, 
subscription-fee  basis. 

Originally  telecom  carriers  offered  managed  services  to  support  their 
largest  customers’  complex  WAN  management  requirements.  Today, 
managed  services  appeal  to  companies  of  all  sizes  because  they 
address  a  wider  range  of  IT/network  management  issues.  Managed  ser¬ 
vices  also  are  more  attractive  than  traditional  outsourcing  arrange¬ 
ments  because  they  can  be  acquired  on  an  incremental  basis. 

Growing  interest  in  managed  services  is  attracting  a  broader  array  of 
IT  hardware  and  software  vendors,  value-added  resellers,  integrators 
and  outsourcers.  The  first  problem  these  managed  service  providers 
face  is  packaging.  Many  of  these  companies  merely  are  renaming  their 
maintenance  or  outsourcing  capabilities  rather  than  offering  genuine 
managed  services.  Others  are  creating  complicated  managed  service 
portfolios  that  confuse  potential  customers. 

The  second  issue  is  pricing.  Rather  than  provide  a  simple  fee  sched¬ 


Why  managed  services  fail 


ule  for  their  managed  services,  many  providers  have  created  complex 
pricing  algorithms  that  frustrate  prospective  customers. 

The  third  challenge  is  positioning  these  services  properly  In  most 
cases,  managed  services  are  simply  promoted  as  a  way  to  reduce  staff 
and  lower  operating  costs.  While  these  benefits  are  essential,  few  man¬ 
aged  service  providers  can  clearly  differentiate  themselves  or  show 
how  they  add  value  to  their  customers. 

But  the  biggest  obstacle  to  selling  managed  services  is  poor  sales 
skills.  Many  managed  service  providers  rely  on  traditional,  transaction- 
oriented  salespeople  to  sell  managed  services.  These  salespeople  gen¬ 
erally  are  good  at  selling  relatively  standardized  products  or  services 
but  inexperienced  at  selling  ongoing  managed  service  relationships. 

Unlike  traditional  products  or  maintenance  services,  managed  ser¬ 
vices  can’t  simply  be  sold  and  left  behind  with  limited  support  from  the 
supplier. The  fundamental  value  of  a  managed  service  is  that  the  sup¬ 
plier  is  promising  to  monitor  and  mitigate  potential  risks  proactively 

Rather  than  simply  selling  the  cost  savings  of  managed  services,  sales¬ 
people  must  learn  how  to  convince  their  enterprise  customers  of  the 
potential  business  value  of  their  offerings. 

The  good  news  is  that  the  proliferation  of  managed  services  has  cre¬ 
ated  a  buyer’s  market  for  managed  services  that  can  alleviate  many  has¬ 
sles  associated  with  day-to-day  IT/network  operations.  The  bad  news  is 
that  few  managed  service  salespeople  know  how  to  properly  sell  their 
managed  service  capabilities  and  potential  business  benefits. 


The  biggest 
obstacle  to 
selling  managed 
services  is  poor 
sales  skills. 


Kaplan  is  managing  director  of  THINKstrategies,  a  consultancy  in 
Wellesley,  Mass.  He  can  be  reached  at  jkaplan@thinkstrategies.com. 


YANKEE  INGENUITY 

Howard  Anderson 

Let’s  look  forward  10  years.  Who  will  win 
the  coming  battle  for  Third  World  domi¬ 
nance  —  India  or  China? 

I  recently  spent  a  month  in  India,  visiting  its 
most  important  IT  companies.  Right  now, 
India  is  clearly  winning  the  software  war,  pro¬ 
ducing  more  and  better  industrial-strength 
software.  India  is  famous  for  its  call  centers,  but  its  software  goes  even 
further  —  a  ton  of  first-rate  code  is  being  written  in  Bangalore  and 
other  high-tech  Indian  cities.  Infosys  Technologies  in  Bangalore  hit  $1 
billion  in  revenue  last  year  and  other  players,  such  as  Tata  Consultancy 
Services  and  Wipro,  are  big  league.  Pretty  much  every  big  U.S.  IT  shop 
has  a  relationship  and/or  development  center  in  India,  including 
Microsoft  and  GE.  India’s  advantage:  English  as  the  national  languages 
terrific  university  system  and  an  enviable  work  ethic. 

But  there  is  a  soft  underbelly  to  India’s  success:  Its  costs  are  rising 
rapidly  and  10  years  from  now  India  might  not  be  the  low-cost  devel¬ 
opment  center  it  is  today  Indian  software  program  managers  were  get¬ 
ting  paid  $6,000  back  in  2000,  but  those  same  jobs  today  command 
$30, 000. Yes,  India  is  still  inexpensive,  but  for  how  much  longer? 

One  issue  that  major  Indian  firms  want  to  look  into  is  the  writing  of 
proprietary  software  —  software  that  they  own  and  which  can  be 
resold  again  and  again.The  idea  is  to  begin  by  doing  software  mainte¬ 
nance,  then  writing  specialized  code  for  one  client,  then  taking  that 
expertise  and  turning  it  into  a  profitable  product.  The  venture  capital¬ 
ists  are  investing  now,  not  for  the  outsourcing,  but  with  the  idea  that  they 
will  have  a  seat  at  the  table  when  the  Indian  software  business  begins. 
One  unresolved  issue  in  India  is  open  source  —  Indian  companies  are 
still  on  the  fence  as  to  whether  this  area  deserves  their  full  attention.  But 
developing  software  packages  is  definitely  on  their  minds  —  in  short, 
they  want  to  get  paid  for  their  brains,  not  their  body  (shop). 

This  is  trickier  than  it  looks.Years  ago,  Andersen  Consulting  tried  to  do 
the  same  thing  with  a  product  called  Foundation  and  failed  miserably 


India,  China  duke  it  out 


But  Digital  Equipment  took  code  it  had  created  for  DuFbnt  and  turned 
it  into  the  successful  All  In  One  office-automation  product,  forcing  even 
IBM  to  rock  back  on  its  heels.The  Indian  IT  companies  know  that  right 
now  they  win  business  because  their  code  is  20%  to  50%  less  expensive 
than  code  written  in  the  U.S.,  but  their  real  added  value  is  going  to  be 
better-packaged  software.  They  aren’t  there  yet,  but  they  see  it  on  the 
horizon.  One  company,  Symphony  now  only  wants  projects  that  are 
“technologically  challenging” —  because  they  believe  that  at  this  level 
price  is  less  important,  margins  are  higher  and  they  will  be  able  to 
attract  and  retain  the  best  people.  Turnover  is  a  big  problem  in  the 
Indian  high-tech  community  which  resembles  Silicon  Valley  circa  1998. 

The  conventional  wisdom  is  that  China  will  manufacture  virtually 
everything  in  its  super-cheap  factories  and  India  will  do  all  the  soft¬ 
ware.  Not  so  fast.  The  Chinese  realize  that  today’s  products  are  manu¬ 
facturing-driven  but  tomorrow’s  will  have  a  software  component.  In 
three  years,  China  will  be  the  largest  manufacturer  in  the  world  of  tele¬ 
vision  sets.  Fine.  But  in  two  years,  those  televisions  will  have  software 
embedded  in  them,  and  the  software  will  be  the  added  value.The  last 
thing  the  Chinese  want  is  to  give  this  away  —  to  India  or  any  other 
country 

The  high-tech  industry  in  India  is  3  million  people  —  out  of  1  billion. 
India  desperately  needs  manufacturing  jobs,  not  just  software  jobs.  But 
for  now,  those  jobs  are  going  to  stay  in  China. 

The  Chinese  are  aggressive  and  determined  that  they  will  remain  the 
world’s  factory  The  Indians  are  entrepreneurial  and  are  beginning,  qui¬ 
etly  to  consider  outsourcing  some  of  their  software  development  to 
even  lower-cost  countries  —  such  as  China. 


The  Chinese 
realize  that 
today's  products 
are  manufactur- 
ing-driven  but 
tomorrow’s  will 
have  a  software 
component 


Anderson  is  senior  managing  director  of  YankeeTek  Ventures,  a 
Cambridge,  Mass.,  venture  capital  fund  for  early  stage  technology  com¬ 
panies.  He  is  also  founder  of  The  Yankee  Group  and  the  William  Porter 
Distinguished  Lecturer  at  the  Massachusetts  Institute  of  Technology.  He 
can  be  reached  at  handerson@yankeetek.com. 


Internet  search  has  become  a  staple  in  the  daily  diet  of  most  IT  professionals.  Need 
to  learn  about  radio  frequency  identification  or  the  latest  trends  in  offshore  outsourc¬ 
ing?  Search  for  it  online.  Want  to  find  a  JavaScript  workaround?  Look  for  user  threads 
in  a  Java  forum. 

IT  executives  now  are  applying  a  more  sophisticated,  enterprise  version  of  search  func¬ 
tionality  to  corporate  Web  sites  and  intranets  to  improve  the  search  experience  for  e-com- 
merce  customers,  business  partners  and  employees.  Beyond  that,  enterprise  search  tools 
are  being  aimed  at  internal  databases,  even  databases  residing  on  mainframes,  for  spe¬ 
cialized  functions  such  as  data  analytics,  knowledge  management  and  business-process 
management. 

Christian  Book  Distributors  (CBD)  wanted  to  improve  the  search  and  browse  function¬ 
ality  on  its  e-commerce  sites,  most  notably  ChristianBook.com,  according  to  Mark  Pepin, 
assistant  vice  president  for  the  Peabody  Mass.,  company  CBD  chose  Endeca’s  ProFind  for 
the  task.“We  really  liked  the  technology  that  drove  Endeca,”  Depin  says.“It  was  very  similar 
to  the  technology  we  built  our  site  on." 

After  they  implemented  the  product,  it  wasn’t  long  before  Pepin  and  his  team  started  to 
see  how  Endeca  also  could  help  CBD  reduce  the  time  it  took 
to  roll  out  marketing  campaigns.“We  saw  it  was  also  a  great 
data-mining  tool,  which  made  it  a  good  fit  for  direct-mar¬ 
keted,  targeted  e-mails  to  our  customer  base,”  he  says. 

Before  using  ProFind,  it  took  several  hours  to 
run  a  traditional  database  query“With 
Endeca’s  ability  to  slice  and  dice  our 
data,  we  could  load  up  all  of  our 
separate  customer  information 

—  purchase  history  author 
history  product  categories 

—  on  a  separate  platform. 

We  were  then  able  to 
quickly  segment  the  list. 

We  could  go  and  mine 
customers,  clicking  on 
anybody  who  had  purch¬ 
ased  a  particular  author 
in  the  past,  and  it  would  lit¬ 
erally  bring  back  informa¬ 
tion  in  seconds,”  Pepin  says. 
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Web  search  vs.  enterprise  search 

The  ability  to  process  a  company’s  structured  and  unstructured  data,  stored  in  a  variety 
of  formats,  is  what  separates  enterprise  search  tools  from  more  public  Web  search  engines, 
according  to  analysts.  Structured  data  exists  in  database  tables,  usually  associated  with  a 
company’s  ERF?  CRM  or  custom  database  systems.  Unstructured  data  can  take  the  form  of 
e-mails,  Microsoft  Office-type  files,  Adobe  PDFs  and  a  host  of  other  current  or  legacy  file 
types  scattered  throughout  a  typical  corporation. 

Public  Web  search  engines  primarily  support  HTML  file  formats,  and  possibly  a  few  stan¬ 
dard  office  formats  (Microsoft  Word,  Adobe  Acrobat  PDFs).  Enterprise  search  products 
often  provide  gateways  that  let  the  products  search  and  retrieve  content  from  a  range  of 
file  formats,  even  legacy  files  on  mainframes. 

Also,  Public  Web  search  engines  use  a  spider  to  acquire  new  content,  while  enterprise 
search  products  might  use  either  a  software  crawler  or  scripts  that  directly  transfer  files  to 
the  search  engine  to  reduce  the  load  on  the  network,  according  to  search  and  retrieval 
guru  Stephen  Arnold. 

Hadley  Reynolds,  an  analyst  at  Delphi  Group,  says  enterprise  search  is  not  only  about  a 

search  box  and  a  results  list  that  appears  after  the  user  hits 

D  fl  P  If  M  «■  “Go.” “Most  of  the  enterprise  search  applications;  are  look- 

u  U  W  fc  «  Tq  ing  well  beyond  that  model  into  more  of  an  integrated 

process 
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model,”  he  says.  Reynolds  stresses  that  many  enter¬ 
prise  search  projects  incorporate  fairly  cairs- 
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prehensive  taxonomy  and  classification 
schemes  to  add  more  meaning  to 

,  the  content  the  search  applica- 
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tion  unearths. 

Many  enterprise  searcli 
vendors  have  begun  to 
cross-sell  components 
of  their  product  suites 
as  analytics  and  data- 
mining  tools,  precisely 
because  of  their  abil¬ 
ity  to  “slice  and  dice”  a 
variety  of  enterprise 
data.  And  many  tradi¬ 
tional  content  manage¬ 
ment,  CRM  and  ERP  ven- 
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dors  are  embedding  technology  from  enterprise  search  leaders  such  as 
Verity  or  Autonomy 


Searching  for  a  search  tool 

Companies  looking  for  the  best  in  enterprise  search  might  be 
overwhelmed  with  the  variety  of  products  available  and  the 
equally  varied  price  tags  —  which  can  range  from  $10,000 
to  more  than  $1  million  (see  graphic,  page  40).  Although 
some  open  source  search  products  exist,  such  as  Java- 
based  Lucene,  a  large  company  undertaking  an  enterprise 
search  project  should  be  prepared  to  set  aside  an  average 
of  $250,000,  according  to  Whit  Andrews,  a  research  director 
at  Gartner. 

There  are  a  number  of  platform  and  niche  vendors  to 
choose  from,  along  with  many  new,  smaller  entrants.  Search 
platform  vendors  tend  to  offer  the  broadest  spectrum  of 
search  functionality  and  the  most  experience  with  building 
gateways  or  connectors  to  third-party  applications.  These 
include  Verity  Autonomy  Endeca,  Fast  Search  &  Transfer  and 
Convera.  For  search  applications  focused  on  customer  self-ser¬ 
vice,  Andrews  also  cites  InQuira,  Kanisa,  iPhrase,  EasyAsk  and 
Kaidara  Software. 

Reynolds  offers  this  list  of  criteria  for  potential  buyers:  secu¬ 
rity,  scalability,  gateway  capabilities,  ability  to  be  customized 
and  richness  of  the  portfolio  in  terms  of  relevance 
approaches.  (Relevance  approaches  seek  to 
improve  the  usefulness  of  results  returned  to  user 
queries.) 

System  performance  and  speed  of  retrieval 
are  also  key  criteria  to  look  for,  according 
to  Arnold.  Other  essential  search  features 
include  stability,  ease  of  administra¬ 
tion,  scalability,  extensibility,  support 
for  common  file  formats  (includes 
ASCII,  Word,  Adobe  PDF  HTML 
files),  role-based  security  safe¬ 
guards,  and  support  for 
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We  could  go  and  mine  customers,  clicking 
on  anybody  who  had  purchased  a  partied 
author  in  the  past,  and  it  would  literally 
bring  back  information  in  seconds. 
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Companies  are  using 
enterpr  se  search  tools 
:o  unlock  key  information 
Duried  n  internal  databases 
and  to  boost  e-commerce. 
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indexing  features,  such  as  incremental  indexing. 

Making  the  right  connections 

The  need  for  gateways  to  access  different  formats  and  document  repositories  is  a  major 
issue  to  large  organizations,  according  to  Reynolds,  who  notes  that  some  companies 
might  require  more  than  12  gateways.  Andrews  says  that  challenges  with  gateways  are 
common  sources  of  trouble  for  enterprise  search  customers.  “What  typically  breaks  are 
issues  of  security  and  issues  of  connectors  to  non-Web  document  stores.  In  other  words, 
it’s  really  easy  to  index  all  the  files  on  a  Web  server  but  really  hard  to  index  all  the  pages 
that  might  come  out  of  a  database,”  he  says. 

CBD’s  selection  process  included  testing  in  which  Endeca  ran  demonstrations  with 
some  of  CBD’s  data.  Pepin  says  CBD  also  built  sample  applications. 

This  vetting  process  helped  CBD  make  an 
ultimate  vendor  choice  and  led  to  the  unex¬ 
pected  finding  that  some  data  had  been  cat¬ 
egorized  inaccurately  by  end  users  when 
they’d  first  entered  it  in  the  database.  These 
discrepancies  cropped  up  early  in  the  search 
testing  phase,  when  sample  search  queries 
began  producing  a  few  odd  results. 

“You  really  have  to  be  on  top  of  and  aware 
of  the  data  structures  but  also  the  anomalies. 

These  products  will  show  you  very  clearly 
what  you  are  doing  well,  but  also  very  clearly 
where  you  may  have  problems  with  your 
data,”  Pepin  says.  While  CBD  didn’t  have  to 
correct  these  anomalies  with  any  sweeping 
data  restructuring,  the  company  was  required 
to  perform  some  additional  data  entry  work 
to  clean  up  the  misclassifications. 

Putting  in  some  manual  effort  on  upfront 
classification  and  taxonomy  creation  can 
often  be  required  to  get  enterprise  data 
ready  to  return  good  results  with  a  search 
engine,  according  to  Reynolds. 

Hope  is  a  freelance  IT  writer  and  owner  of 
TheNetworkingWriter.com.  She  can  be 
reached  at  mhope@thenetworkingwriter.com. 


Gartner  recommends  that  corporations  begin  any  search 
vendor  evaluation  project  by  ruling  in  vendors  rather  than 
ruling  them  out. 

Does  the  company  desire  or  accept  an  application  ser¬ 
vice  provider  model  of  search  provision? 

Does  the  company  desire  or  accept  an  appliance:  model 
for  search  provision  ? 

Will  the  vendor  serve  one  project  or  be  an  enterprise- 
wide  default  for  all  new  projects? 

■  What  repositories  of  data  will  be  searched?  Will  the  search 
product  call  applications  or  simply  search  an  index?  Will  text 
be  the  only  significant  format  in  which  information  is  stored? 

What  level  of  security  will  be  necessary,  and  what  means 
of  authentication  will  be  used? 

What  interface  will  be  used  for  result  selection?  Will  the 
company  desire  categorical  navigation?  Is  persuasive  mer¬ 
chandising  a  goaf? 

What  interface  will  be  used  for  query  input?  Will  the  com¬ 
pany  need  to  use  a  natural  question  format,  or  stick  to 'the 
familiar  keyword  input  format? 


Enterprise  search  scenario 

Search  software  finds  data  from  multiple  sources,  indexes  it 
and  makes  it  available  for  live  searches  by  end  users. 
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Searching  for  search  vendors 

License  fees  for  an  enterprise  search  product  can  hit  seven  figures. 
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It  don’t  come  easy 

Installing  an  enterprise  search  too!  takes  hard 
work,  but  the  results  speak  for  themselves, 

onica  Lavin  is  executive  director  of  Web  initiatives  at  Thomas  industrial 
Network,  a  100-year-old  company  in  New  York  known  for  its  Thomas 
Register  "green  books"  that  catalog  information  on  U.S.  industrial 
manufacturers  and  suppliers. 

Thomas  Industrial  was  ready  to  show  an  integrated,  online  face  to  the  world, 
in  the  form  of  its  Web  site,  ThomasNet.com.  The  mission  was  to  bring  together 
industrial  buyers  and  suppliers  on  a  national,  regional  and 
local  level. 

After  carefully  defining  her  requirements,  Lavin  knew  sup¬ 
port  for  customization  was  going  to  be  one  of  the  most 
important  features  she  would  need  in  an  enterprise  search 
tool.  The  company  spent  several  months  exploring  the 
search  functionality  of  the  Fast  Search  ^Transfer  (FAST) 
AdVisor,  before  Thomas  made  the  decision  to  purchase  the 
product. 

One  thing  that  tipped  the  scales  in  FAST’s  favor  was  the 
ability  to  modify  some  of  its  algorithms.  “We  wanted  to  be 
able  to  weight  different  types  of  documents,"  Lavin  says. 

Lavin  and  her  team  learned  early  on  in  the  process  that 
users  coming  to  theThomasNet  site  wanted  product 
information  first,  followed  by  information  about  compa¬ 
nies  that  made  the  product.  If  an  engineer  came  to  the 
site  looking  for  information  on  five-way  bail  valves,  for 
instance,  Lavin  wanted  the  search  engine  to  return 
results  that  offered  whatever  detailed  product  informa¬ 
tion  on  five-way  ball  valves  existed  in  Thomas  Industrial's 
databases.  To  help  them  accomplish  this  task,  Lavin 
wanted  the  enterprise  search  product  to  let  Thomas  give 
a  higher  weighting  to  this  type  of  structured  data,  stored 
in  various  database  tables. 

ThomasNet  is  fueled  by  many  of  the  company’s  own  data¬ 
bases  that  store  content  about  industrial  suppliers  and 
products,  and  is  frequently  updated  by  Thomas  Industrial's 
team  of  editors.  This  equates  to  millions  of  records  in  legacy 
databases,  with  each  of  ThomasNet's  625,000  cornoanias 
listed  in  multiple  categories. 

ThomasNet  is  also  required  to  index  the  public  Web  sites  of  about  half  its 
suppliers,  which  often  include  a  variety  of  PDF  files  containing  detailed 
engineering  specifications  or  CAD  drawings  related  to  the  products  they 
manufacture. 

After  buying  the  product,  it  took  Thomas  another  year  of  testing  and  proto¬ 
typing  before  the  company  felt  confident  the  system  was  ready  for  prime 
time.  "It  was  a  very  painful  process,”  l.avin  says,  referring  to  this  early  phase, 
"We  had  a  committed  team  of  about  six  peopie  who  spent  a  good  nine 
months  in  a  conference  room  without  windows." 

Much  o?  the  work  involved  developing  user  scenarios,  performing  needs 
analysis  and  testing  current  sites  to  determine  what  users  found  most  use¬ 
ful,  The  final  phase  of  this  process  was  the  actual  Web  site  design,  which 
l.avin  says  was  the  easiest  part,  after  completing  aii  the  steps  that  had 
gone  before  it. 

All  the  upfront  work  appears  to  have  paid  off.TtiomasNet.com  now  routinely 
records  between  2  million  to  3  million  searches  per  month,  with  50%  of  cur¬ 
rent  users  representing  repeat  traffic.  Users  often  comment  on  how  easy  the 
system  is  to  use,  says  Lavin,  who  notes  that  ThomasNet  has  also  received  its 
share  of  recent  recognition  in  industry  journals  for  its  design  requiring  the 
fewest  number  of  clicks  io  the  most  relevant  information.  According  to  Lavin, 
the  company  also  received  a  recent  nod  in  January  from  Forrester  Research, 
which  cited  ThomasNet.com  as  the  gold  standard  for  industrial  search  in 
North  America. 

Lavin  says  the  key  lesson  mat  she  learned  is  to  focus  on  the  content  first, 
followed  by  enterprise  search  functionality.  "Anything  with  search  is  only  as 
good  as  the  content  underneath  the  technology,”  she  says,  "if  you  don’t  have 
good  content,  it  doesn't  matter  how  good  the  search  technology  is." 

—  Miehsle  Hope 
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Middleware  is  Everywhere 
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1.  Sales  associate  checks  online  inventory. 

2.  Manager  uploads  revenue  goals. 

3.  Supervisor  gets  employee  overtime  info. 

4.  Cashier  IMs  downtown  store  location. 

5.  Everyone  accessing  info  via  one  portal. 


MIDDLEWARE  IS  IBM  SOFTWARE.  WebSphere  Portal, 
part  of  the  IBM  Workplace  Family,  connects  partners, 
employees,  and  customers  worldwide.  It’s  how  to  access 
multiple  applications  on  one  screen  and  on  virtually  any 
kind  of  device.  An  end-to-end  solution  that  helps  improve 
productivity  and  reduce  costs  as  it  enables  on  demand 
business.  It’s  an  accessory  that  you  just  can’t  live  without. 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/portals  DEMAND  BUSINESS 
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Virtual  Server 
Software 


Microsoft’s  Virtual  Server  2005:  Redmond 
giant's  foray  into  server  consolidation 


I  BY  TOM  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 


In  our  Clear  Choice  Test, Virtual  Server  2005  —  technology  Microsoft  picked  up 
with  its  2003  Connectix  purchase  —  proved  itself  well  worth  the  money  ($495 
for  a  host  with  up  to  four  CPUs)  because  it  lets  you  run  multiple  instances  of 
Windows  (NT  4.0  with  Service  Pack  6  on  up  to  2003)  on  the  same  machine. 
And  with  the  Virtual  Server  Migration  Kit,  it  provides  a  way  to  gracefully  move  and  consolidate  older  Windows 
NT  and  2000  Server  applications  onto  new  (and  ostensibly  higher-capacity)  hardware.  The  migration  kit  also 
helps  resolve  Windows-specific  hardware  issues, such  as  migrating  a  Windows  2000  server  running  on  an  ancient 
SCSI  host  bus  adapter  to  new  storage  subsystems  inside  the  host  machine  with  very  little  modification. 


VMware  (recently  acquired  by  EMC) 
has  long  offered  server  virtualization 
with  its  ESX  and  GSX  Server  wares  for 
a  variety  of  operating  systems.  Virtual 
Server  2005  is  not  as  elegant  as 
VMware’s  software  and  only  officially 
supports  Windows  servers. 

Virtual  Server  2005  runs  as  a 
Windows  service  on  a  Windows  2003 
Enterprise  Server  box.  An  administra¬ 
tor  then  can  establish  multiple  con¬ 
current  server  environments  —  called 
virtual  machines  —  on  that  single 
physical  server,  each  with  its  own  limi¬ 
tations  in  terms  of  what  resources  it 
can  access.  We  suggest  multiple  CPUs 
for  the  hardware  and  a  great  deal  of 


Company:  Microsoft,  www.microsoft.com 
Cost:  $495  for  up  to  four  CPUs;  $995  for 
up  to  32  CPUs,  Pros:  Very  stable,  highly 
compatible  Windows-centric  virtual 
machine  system;  low  management  over¬ 
head;  great  performance.  Cons:  Not  as 
customizable  as  other  products;  Windows¬ 
centric;  cluttered,  unintuitive  user  interface. 

The  breakdown 

Instaliation/compatibility  25% 

4.5 

Administration/management  25% 

4.0 

Performance  25% 

4.5 

Availability/reliability  25% 

4.5 

TOTAL  SCORE 

4.58 

RAM  (a  minimum  of  512M  bytes  per 
virtualized  server  plus  another  512M 
bytes  as  a  base). 

We  easily  installed  Virtual  Server 
2005  on  three  hardware  platforms: 
a  dual-CPU  NFrame  1600,  a  dual-CPU 
HP  DL380  and  a  four-processor  HP 
DL580  (see  “How  we  did  it,’’www.nwfu- 
sion.com,  DocFinder:  6125). 

The  Virtual  Server  2005  Management 
Console  is  a  Web-based  program,  and 
its  real  estate  is  somewhat  ugly  and 
poorly  managed.  Although,  the  ability 
to  monitor  each  of  the  virtualized 
servers  via  a  Web  page  simplifies  that 
process  a  great  deal. 

There  are  three  ways  to  build  a  virtu¬ 
al  machine  inside  a  host  server.  The 
first  is  to  install  the  server  software 
onto  an  allocated  virtual  machine, 
which  when  booted  appears  as 
though  it  is  a  new  server.  The  second 
method  is  to  copy  resource  settings 
from  another  already-built  virtual 
machine.  These  settings,  along  with 
loaded  application,  can  be  easily  repli¬ 
cated  to  create  additional  virtual 
machines.The  third  way  is  to  migrate  a 
compatible  server/application  in¬ 
stance  to  a  virtual  machine  using  the 
migration  kit. 

After  installing  Virtual  Server  2005, 
you  can  either  use  Microsoft’s  preset 
parameters  or  tap  into  the  GUI  to 
establish  your  own  settings  for  each 
virtual  machine.  Those  settings 
include  disk  control  (size,  type  of  disk, 
location  and  allocated  space),  maxi¬ 
mum  memory  to  be  used,  IP  address 
and  operation  mode.  Each  virtual 
machine  can  be  named  and  can  use 
network  addresses  that  are  internal, 
external  or  on  a  virtual  network. These 
virtual  machines  also  can  stand  alone 
and  not  be  connected  to  a  network. 

The  virtual  machines  lock  host 


resources  —  such  as  CD/DVD  players, 
serial  ports,  parallel  ports  and  other 
devices  —  when  they  use  them  so  that' 
other  virtual  machines  cannot  access 
those  host  resources.  Other  resources 
may  or  may  not  need  to  be  used 
sequentially.  As  an  example,  disk  drives 
can  use  either  shared  or  privately  allo¬ 
cated  space  but  never  the  same  files 
except  as  read-only  resources.  Certain 
resources  such  as  external  USB  drives, 
authentication  token  or  biometric 
authentication  devices  cannot  be 
shared  devices. 

In  our  tests,  we  generated  and  then 
migrated  several  server  types.  The  total 
migration  time  ranged  from  just  under 
six  hours  for  MS  SQL  Server  running 
on  NT  4  SP  6  to  just  more  than  seven 
hours  for  Microsoft  Exchange  5.5  run¬ 
ning  on  Windows  2000  Advanced 
Server  SP  3.  These  measurements 
include  the  time  it  took  to  build  the 
images,  resolve  resource  settings, 
install  the  image  onto  the  virtual  serv¬ 
er,  and  restart,  the  server  and  its  appli¬ 
cations.  Faster  hardware  certainly 
helps  speed  the  process,  as  does  close 
reading  of  the  detailed  migration  kit 
documentation. 

The  migration  application  and 
scripts  successfully  remapped  hard¬ 
ware  resources.  The  software  also  let 
us  remap  the  Ethernet  card  media 
access  control  address  of  old  cards  to 
new  server  addresses. 

When  we  deployed  Virtual  Server 
2005  on  a  four-way  HP  box,  our  test 
was  designed  to  stress  capacity  and 
availability  levels  under  crash  condi¬ 
tions.  We  built  eight  virtual  machine 
running  Windows  2000  Server  to  run 
concurrently  in  a  minimal  amount  of 
memory  (128M  bytes  each)  space.  We 
then  ran  SSL  logons  against  each 
virtual  machine  until  allocated  CPU 


was  saturated  for  each.  We  found  that 
each  virtual  machine  behaved  accord¬ 
ing  to  our  desired  resource  parame¬ 
ters.  We  then  tested  disk  I/O  con¬ 
tention  and  found  multiple  concur¬ 
rent  writes  to  disk  could  quickly  pile 
up  the  cache  on  each  virtual  machine, 
but  we  could  spawn  no  errors  through 
normal  use. 

Other  tests  known  to  generate  a  blue 
screen/crash  affected  only  the 
crashed  individual  virtual  machine 
we  targeted  and  the  resources  we  allo¬ 
cated  to  it,  rather  than  destabilizing 
the  entire  Virtual  Server  2005  platform. 
We  noted  that  to  reach  this  level  of  sta¬ 
bility,  we  had  to  upgrade  our  host  serv¬ 
er  to  Win  2003  Enterprise  Server  SP  1, 

When  we  purposely  crashed  a  virtual 
machine,  its  high  CPU  utilization  might 
have  gone  unforeseen  if  we  had 
not  also  used  the  Microsoft  Operations 
Manager  (MOM)  2005  with  appropri¬ 
ate  management  packs  for  Virtual 
Server.  Without  MOM  2005,  you  must 
view  a  console  or  monitor  system  logs 
to  find  that  sessions  have  gone 
haywire. 

We  found  that  disk  speed  in  a  virtual 
machine  stood  within  5%  of  its  speed 
on  its  native  host  platform  on  all 
servers  tested.  CPU  performance  using 
rudimentary  tests  was  often  as  fast  as 
the  host,  but  could  be  bogged  down 
by  high  disk  I/O. 

Overall,  we  found  Virtual  Server  2005 
to  be  a  strong  virtual  machine  plat¬ 
form.  The  stability  of  the  product 
shows  the  legacy  of  the  Connectix 
technology,  even  if  the  user  interface 
not  as  pretty  as  we’d  like. 

Henderson  is  principal  researcher  for 
ExtremeLabs  in  Indianapolis.  He  can 
be  reached  at  thenderson@extreme 
labs.com. 
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Preventsys 

Enterprise  Security 
Management  System 

Preventsys  provides  network  security  systems  to 
Fortune  500  companies  and  government  agencies  for 
the  proactive,  centralized  and  automated  management 
of  vulnerability  assessment,  configuration  management, 
network  security  processes,  and  regulatory  compliance. 
Preventsys  enables  complex,  distributed  organizations 
to  improve  their  security  posture  by  integrating  point 
solutions  from  multiple  vendors  into  a  centralized 
dashboard. 

760-268-7800  •  www.preventsys.com 


Berkeley  Varitronics  Systems 

BumbleBee  Multi-Band 
Spectrum  Analyzer 

BumbleBee™  is  a  precision  calibrated  spectrum 
analyzer  that  interfaces  with  HP’s  iPAQ®  PocketPC® 
and  measures  4  distinct  wireless  bands:  900  MHz, 
2.4-2. 5  GHz,  5. 1-5.5  GHz  &  5. 5-5. 9  GHz.  Users  can 
capture,  display  and  analyze  each  band  for  network 
installation,  RF  coverage  and  interference  for  standards 
including  RFID,  VoIP,  802.11(b,a,g  &  Bluetooth)  and 
cordless  phones/video. 

732-548-3737  •  www.bvsystems.com 


CyberAngel  Security 
Solutions,  Inc. 

The  CyberAngel  Software 

Our  product  focus  is  to  provide  user  authentication, 
protect  critical  information  and  data  from  unauthorized 
access  or  compromise,  prevent  unauthorized  access 
to  remote  servers  or  online  accounts,  and  to  transmit 
a  covert  communication  to  our  24/7  monitoring  center, 
providing  us  location  information  to  be  used  for  track¬ 
ing  and  recovery  purposes. 

800-501-4344  •  www.thecyberangel.com 


A 

ACTE  RN  A. 

Communications  Test  and 
Management  Solutions 

Acterna 

VolPTest  and  Management  Portfolio 

Acterna  provides  bundled  sets  of  instruments,  systems, 
and  software  aligned  to  the  unique  test  and  manage¬ 
ment  requirements  of  service  providers,  cable  operators, 
and  enterprises  deploying  VoIP,  triple-play  via  FTTx, 
and  broadband.  These  portfolios  are  synchronized 
to  each  stage  of  network  development  and  operation, 
from  initial  construction  and  installation  to  turn  up, 
troubleshooting  and  service  assurance. 

301-353-1550  •  www.acterna.com 


V  BLUECAT  NETWORKS' 

secure  networks,  simplified. 

BlueCat  Networks 

Adonis  500  DHCP  appliance, 
Adonis  1000  DNS/DHCP, 
Meridius  1000  Security  Gateway 

BlueCat  Networks  is  the  leading  provider  of  innovative 
network  security  appliances  that  are  simple  and  secure. 
Our  award-winning  products  enable  novice  administra¬ 
tors  to  implement  complex  technologies  such  as  DNS 
and  DHCP  with  the  ease  of  seasoned  veterans.  Named 
an  “Industry  Leader”  by  The  Burton  Group,  Adonis 
DNS/DHCP  Appliance  and  Meridius  Security  Gateway, 
offers  exceptional  security  and  network  scalability  to  a 
wide  range  of  clientele,  many  of  which  are  Fortune  500 
organizations. 

866-895-6931  •  www.bluecatnetworks.com 


cyclades 


Cyclades  Corporation 

Cyclades,  the  leader  in  next-generation  IT  infrastructure 
management,  offers  the  AlterPath™  family  of  products 
that  provide  secure  alternate  paths  into  the  production 
IT  infrastructure,  enabling  remote  access  to  disconnect¬ 
ed  assets.  AlterPath  solutions  include  console  servers, 
KVM  and  KVM  over  IP,  power  control,  IPMI  Manage¬ 
ment,  and  a  manager  to  control  the  entire  out-of-band 
infrastructure. 

510-771-6100  •  www.cyclades.com 


ArrayNetworks 

•  The  Application  Networking  Company 


Array  Networks 

TMX  Series  Application  Front  End 
Appliances;  SPX  Series  Enterprise  SSL 
VPN  Appliances 

Array  Networks  is  a  world  leader  in  secure  application 
acceleration  and  deployment  appliances  for  global 
enterprises.  Built  upon  the  Array  SpeedStack™  technol¬ 
ogy,  Array’s  unified  secure  content  access  and  accelera¬ 
tion  solutions  enable  industry-leading  performance, 
integration,  scalability  and  ease  of  implementation  and 
management.  Headquartered  in  Campbell,  California 
with  sales  offices  in  the  U.S.,  Europe,  Asia  Pacific  and 
Latin  America,  Array  engineers  and  manufactures  its 
products  in  the  Silicon  Valley  and  sells  them  through 
direct  and  indirect  channels  across  the  globe. 
866-MY-ARRAY  •  www.arraynetworks.net 


Computerwise,  Inc. 

TCP/IP  Digital  Wall  Clock/Readout 

The  ED210  Digital  Wall  Clock/Display  offers  the 
means  to  automatically  synchronize  (by  SNTP)  all  the 
displayed  time  throughout  reaches  of  your  LAN.  The 
ED210  has  four  inch  high  numerals  that  can  be  read 
from  100+  feet  away.  Can  be  powered  over  your  Cat5 
data  cable. 

800-255-3739  •  www.computerwise.com 


DORIAN 

www.doriansoftware.com 


TM 


Dorian  Software  Creations,  Inc. 

Total  Event  Log  Management  Solution 

Founded  in  1997  with  its  flagship  product  Event 
Archiver,  Donan  Software  Creations,  Inc  now  provides 
comprehensive  event  log  management  software  and 
other  solutions  to  government  agencies  and  leading 
companies  globally. 

678-222-3443  •  www.doriansoftware.com 
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www.nwfusion.com 


Business  challenges  that  add  pressure  to  your  net 


@  BY  LINDA  LEUNG 

This  month, Network  World  will  be  on  the 
road  with  the  first  of  this  year’s  Technology 


Tours.  Jim  Metzler,vice  president  of  Ashton, 
Metzler  and  Associates,  will  lead  a  tour  enti¬ 
tled  “Network  Management/IT  Automation 
and  the  Agile  Enterprise:Tools  to  Bridge  the 


Gap.”  I  quizzed  Metzler  recently  about  the 
management  challenges  that  network 
executives  face. 


Which  key  management  areas  should  network 
executives  focus  on  in  the  next  12  months? 

Applications  management  and  configu¬ 
ration  management.  Applications  manage¬ 
ment  is  important  because  it  gets  to  the  key 
value  that  IT  provides  to  business  unit 
managers  (BUM).  The  vast  majority  of 
BUMs  do  not  care  about  networking.  They 
do  care  about  the  applications  that  they 
use.  Hence,  one  of  the  best  ways  to  show 
value  to  the  BUMs  is  to  do  a  good  job  of 
managing  what  they  value:  applications. 
Configuration  management  is  important 
because  bad  configuration  management 
leads  to  over  half  of  the  network  outages, 
and  because  configuration  management  is 
labor-intensive,  and  hence  expensive. 

How  should  network  executives  manage  appli¬ 
cations  that  are  owned  by  the  business  units? 

Very  carefully  —  as  this  is  a  difficult  politi¬ 
cal  and  technical  problem.  This  is  an  area 
where  a  network  executive  will  not  be  suc¬ 
cessful  trying  to  be  all  things  to  all  people. 
First,  choose  an  application  that  is  impor¬ 
tant  to  the  company  but  also  one  whose 
owner  is  willing  and  interested  in  working 
with  the  network  organization.  Then  estab¬ 
lish  objectives  for  the  application’s  perfor¬ 
mance,  including  particular  performance 
objectives  for  the  network.  Next,  deploy  a 
tool  that  can  monitor  the  application,  and 
identify  the  cause  of  any  performance  pro¬ 
blems.  Finally  build  management  processes 
that  focus  on  using  the  information  gained 
by  monitoring  the  application  to  respond  to 
problems  before  they  affect  the  user. 

Which  management  area  represents  the 
biggest  challenge  for  network  executives? 

Business  service  management.  Just  when 
you  thought  that  application  management 
was  tough  along  comes  business  service 
management  (BSM),the  goal  of  which  is  to 
manage  key  business  processes.  The  chal¬ 
lenge,  and  the  opportunity  presented  by 
BSM  is  that  it  brings  the  network  closer  to 
the  key  business  processes.The  difficulty  is 
that  this  is  brand-new  territory  for  99%  of 
network  executives.  The  best  way  to  get 
started  with  BSM  is  to  choose  one  process 
where  its  owner  is  interested  in  working 
with  IT.  Do  not  set  expectations  too  high, 
and  assign  one  or  two  individuals  who 
have  both  technical  and  business  skills  to 
the  project.  ■ 


More  online! 

The  network  management  tour  is  March  22-31,  stop¬ 
ping  in  Denver,  Chicago,  New  York  and  Boston.  Head 
online  to  register  for  this  free  event. 

DocFinder;  5833 


AuditWizard  V6  -  Simply  Effective 

No  other  software  makes  auditing  your  network  as  quick  and  easy 
as  AuditWizard™. 

Install,  then  sit  back  and  let  AuditWizard™  do  all  the  complicated  stuff. 
AuditWizard™  will  automatically  discover  all  of  the  PCs  connected  to  your  network 
then  conduct  a  comprehensive  software  and  hardware  audit  of  each  one  -  without 
any  user  intervention  from  you. 

So  when  the  boss  asks  for  that  Software  License  Compliance  Report  -  you're 
good  to  go... 

...if  only  everything  in  life  was  as  simple  to  use  as  AuditWizard™ 

For  more  information  telephone  813  319  1390 
or  email  sales@auditwizard.com 

Download  a  FREE  trial  today!  www.auditwizard.com  Layton 

V  Technology 
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ForcelO  Networks,  Inc. 

E-Series  High  Performance  Gigabit  and 
10  Gigabit  Ethernet  Switch/Routers 

ForcelO  Networks  is  the  pioneer  in  high  performance 
switching  and  routing.  Based  on  a  revolutionary  system 
architecture  that  delivers  best-in-class  resiliency  and 
massive  scalability.  Force  10’s  TeraScale  E-Series  switch/ 
routers  ensure  predictable  application  performance, 
increase  network  availability,  and  reduce  operating 
costs.  Today,  many  of  the  world’s  largest  Gigabit 
Ethernet  and  10  Gigabit  Ethernet  networks  depend 
on  ForcelO  Networks. 

408-571-3500  •  www.force10networks.com 


LAN’RONiX* 

Lantronix 

Data  Center  Management  Products 

Lantronix  (NASDAQ:  LTRX)  is  a  leading  provider  of 
secure  network  management  and  device  connectivity 
solutions,  giving  IT  professionals  power  to  access  and 
manage  data  center  infrastructure  regardless  of  location, 
even  when  servers  and  networks  are  down.  Over  two 
million  Lantronix  products  are  deployed  at  more  than 
20,000  sites  worldwide. 

800-422-7055  •  www.lantronix.com 


INSTRUMENTS 


Network  Instruments,  LLC 

Observer® 

Choose  a  network  analyzer  that  puts  you  in  the 
driver’s  seat.  Network  Instruments  is  the  industry¬ 
leading  developer  of  Observer®,  an  award-winning 
network  analyzer  providing  distributed,  user-friendly 
and  affordable  management,  for  the  entire  network 
(Ethernet,  gigabit,  wireless,  and  WAN).  Test-drive 
a  free  two- week  evaluation  copy  today.  Visit  www.net- 
workinstruments.com. 

800-526-7919  •  952-932-9899 
www.networkinstruments.com 


Information  Support 
Concepts,  Inc. 

Small  low-profile  server  - 
computer  peripherals 

Since  1987,  ISC  has  provided  unique  solutions  in  the 
form  of  a  wide  variety  of  computer  related  products 
ranging  from  small  low-profile  server  racks,  computer 
furniture,  cable  management  options  and  peripherals. 
More  than  2,000  items  are  available  online.  ISC 
continues  to  evolve  and  grow  as  a  company  focused 
on  providing  innovative  solutions  for  customer  needs. 
800-458-6255  •  www. iscdfw.com 


Layton 

Technology 

Layton  Technology,  Inc. 

AuditWizard  v6 

Layton  Technology  is  a  global  developer  of  IT  auditing 
and  helpdesk  software  solutions.  Our  Windows- 
based  suite  of  products  enables  companies  to  manage 
and  internally  support  their  technology  assets  enter¬ 
prise-wide  to  ensure  compliance  and  operate  more  cost- 
effectively.  Today,  more  than  15,000  companies  world¬ 
wide  use  AuditWizard™  either  alone  or  in 
combination  with  our  value-added  software  modules 
and  services,  including  our  Web-based  Help  Desk 
solution,  HelpBox™. 

813-319-1390  •  www.laytontechnology.com 


^Double-Take 

NSI  Software,  Inc.  (NSI®) 

Double-Take® 

NSI®  is  the  developer  of  the  award-winning  Double- 
Take®  Software,  which  combines  continuous  replication 
and  failover  for  high-availability,  centralized  backup 
and  DR.  Double-Take  is  used  by  industry  leading  organ¬ 
izations  to  cost-effectively  protect  data  and  applications 
locally  or  remotely  with  minimal  impact  on  network 
or  system  performance.  NSI  has  deployed  over  50,000 
licenses  at  more  than  7,500  customer  sites,  including 
12,000  licenses  on  Exchange  Servers. 

201-656-2121  •  800-775-4674 
www.nsisoftware.com 


Collaboration  Suite 


Ipswitch,  Inc. 


Ipswitch  Collaboration  Suite 


Ipswitch  Collaboration  Suite  (ICS)  provides  e-mail 
and  real-time  collaboration,  calendar  and  contact  list 
sharing,  and  protection  from  spam  and  viruses,  all 
delivered  in  an  easy  to  use  suite  designed  for  small  and 
medium  sized  businesses.  ICS  is  a  set  of  comprehensive 
collaboration  tools  based  on  e-mail,  the  lifeblood  of 
corporate  communication. 

781-676-5700  •  www.ipswitch.com 


LeftHand 

NETWORKS 


OPNET 

Making  Networks  and  Applications  Perform” 


LeftHand  Networks 

LeftHand  SAN 

The  LeftHand  SAN  is  designed  specifically  for  users 
new  to  SANs.  The  modular  architecture  lets  you  build 
a  SAN  on  the  fly  —  start  small  and  grow  capacity  over 
time.  Install  the  storage  in  any  facility,  and  manage  it 
all  centrally.  Unique  data  availability  features  make  sure 
data  is  always  accessible. 

866-4-IPSANs  •  www.lefthandnetworks.com 


OPNETTechnologles,  Inc. 

OPNET  Technologies,  Inc.  (NASDAQ:  OPNT)  is  a  lead 
ing  provider  of  management  software  for  networks  and 
applications.  OPNET’s  best-in-class  solutions  address; 
network  and  application  perfonnance  management; 
capacity  and  resiliency  planning;  network  auditing  and 
configuration  management;  and  modeling  and  simula¬ 
tion.  OPNET  solutions  have  been  operationally  proven 
in  thousands  of  customer  environments  worldwide 
240-497-3000  •  www.opnet.com 
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When  you’re  ready  to  take  control.™ 

Raritan  Computer  Inc. 

Dominion®  KX  KVM-over-IP  switches, 
Dominion  SX  serial  console  servers. 
Paragon®  II  KVM  switches.  Dominion  KSX 
for  branch  office  management,  Command- 
Center™  centralized  management  appliance 

Raritan  Computer  Inc.  is  a  leading  provider  of  solutions 
for  managing  IT  infrastructure  equipment,  such  as 
servers  and  networking  hardware,  and  the  mission- 
critical  applications  and  services  that  run  on  it.  Raritan’s 
highly  reliable  and  responsive  IT  management  solutions 
—  based  on  KVM  switches,  serial  console  servers,  remote 
connectivity  products  and  management  software  — 
enable  companies  to  quickly  pinpoint  problems,  as  well 
as  access  and  repair  faults  from  anywhere,  at  anytime. 
800-724-8090  •  732-764-8886 
www.raritan.com 


S.I.  Tech,  Inc. 

USB  to  Fiber  Bit-Driver 

S.I.  Tech  manufactures  Fiber  Optic  Modems,  Multi¬ 
plexers,  LAN/WAN  products,  Video/Audio  products, 
Ethernet  Switches,  Hubs,  Optical  Repeaters,  and  Cable 
Assemblies.  The  2170/2171  USB  to  Fiber  Bit-Driver 
allows  users  to  extend  USB  inks  up  to  2  Km  over  multi- 
mode  fiber  and  up  to  5  Km  over  single  mode  fiber.  Visit 
S.I.  Tech  to  learn  more. 

630-761-3640  •  www.sitech-bitdriver.com 


Sybari  Software,  Inc. 

Sybari's  Antigen 

Sybari’s  Antigen  is  unsurpassed  in  protecting 
information  workplaces  utilizing  Microsoft  Exchange, 
Microsoft  SharePoint,  SMTP  Gateways,  Lotus  Domino, 
and  Microsoft  Live  Communications  Server.  Antigen’s 
unique  architecture  establishes  a  preemptive  line  of 
defense  from  e-mail  viruses,  worms,  and  malicious 
code,  and  delivers  multiple  scan  engine  technologies 
together  with  advanced  content  and  file-filtering 
capabilities. 

631-630-8500  •  www.sybari.com 


REFURBUPS.com 

Power  Protection  For  less 

RefurbUPS.com,  Inc. 

RefurbUPS.com  is  the  leading  online  distributor  of 
Refurbished  APC  power  protection  products  and  brand 
new  replacement  UPS  battery  solutions.  We  help  IT 
professionals  protect  their  systems  and  data  from  power 
related  problems.  We  deliver  market  leading  power 
protection  solutions  at  up  to  90%  off  list  price.  Buy 
online  24  hours  at  www.refurbups.com,  specials 
updated  daily,  large  inventory,  immediate  shipment. 

845-357-6911  •  www.refurbups.com 


SONICWALL * 

SonicWALL,  Inc. 

SonicWALL  PRO  andTZ  Series  Security 
Appliances  with  Integrated 
Gateway  Anti-Virus,  Anti-Spyware 
and  Intrusion  Prevention 

SonicWALL  takes  state-of-the-art  network  security  and 
makes  it  simple,  reliable  and  affordable.  Our  complete 
range  of  security  and  productivity  solutions  includes 
gateway  anti-virus,  anti-spyware,  intrusion  prevention, 
desktop-enforced  anti-virus,  content  security,  secure 
wireless,  firewall  and  VPN,  along  with  award-winning 
security  management  solutions. 

888-557-6642  •  www.sonicwall.com 


Webroot’ 

Software,  Inic. 

Webroot  Software 

Spy  Sweeper  Enterprise 

Webroot  Software  is  a  privately-held  company  head¬ 
quartered  in  Boulder,  Colorado,  that  has  pioneered 
innovative  privacy  and  protection  solutions  for  con¬ 
sumers  and  businesses  since  1997.  Today,  Webroot 
leads  the  fight  against  spyware  in  corporations  with 
Spy  Sweeper  Enterprise,  an  award-winning,  centralized, 
comprehensive  spyware  solution. 

800-870-8102  •  www.webroot.com 


d^VROSE 

XT^electronics 

Rose  Electronics 

UltraMatrix  Remote 

The  UltraMatrix  Remote  is  a  powerful  product  that 
extends  the  range  and  scope  of  your  user  stations 
to  control  your  servers  around  the  office,  around  the 
country  and  around  the  world.  With  its  superior  quality, 
robust  feature  set,  durability,  expandability,  and  free 
life-time  firmware  upgrades,  the  UltraMatrix  Remote 
is  an  outstanding  value  for  IT  departments. 
800-333-9343  •  281-933-7673 
www.rose.com 


SOPHOS 

Sophos 

PureMessage 

Sophos  is  a  global  leader  in  network  security.  The 
company  protects  over  35  million  businesses  and 
organizations  —  from  small  enterprises  to  academic 
and  financial  institutions  to  governments  and  global 
corporations  —  against  multiple  evolving  threats  such 
as  viruses,  spam,  Trojans,  worms,  malicious  spyware, 
and  provides  flexible  policy  management  capabilities. 
866-866-2802  •  www.sophos.com 


NET 

*00-699-9722 


Worldwide  Provider  of  Notwortt  Hardware  (meal 981 


WR  Consultant  Associates,  Inc. 

dba  WRCA.net 

Since  1981,  WRCA  has  been  providing  customers 
with  Network  Hardware  consisting  of  top-named 
manufacturers  like:  Cisco,  Adtran,  Lucent,  CAC,  3Com, 
Kentrox,  Packeteer,  Ascend,  UDS,  Codex,  Multitech 
and  others  which  allows  WRCA  to  sell  products  for 
all  networks,  including:  VOIP  Gateways,  Access  Servers, 
Terminal  Servers,  Routers,  Modem  Pools,  Bridges, 
Switches,  Hubs,  Frads,  CSUs,  DSU/CSUs,  Multiplexers, 
Modems  and  more. 

732-833-2111  •  www.wrca.net 
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CAREER  DEVELOPMENT 
PROJECT  MANAGEMENT 
BUSINESS  JUSTIFICATION 


Outsourcing  IT 

Business  leaders  eye  external  providers  to  cut  costs,  but  there  are  ways  to 
take  command  of  the  process  while  helping  achieve  corporate  goals. 


A  five-part  series  on  how  to 
turn  challenges  into 
opportunities. 


■  BY  MARC  FERRANTI 

Editor’s  note:  This  is  the  third  installment  of  a  five-part  series  on  the  threats  facing  IT 
executives  and  how  to  mitigate  them. 


In  an  ongoing  drive  to  reduce  capital  expendi¬ 
tures,  corporate  executives  continue  to  consid¬ 
er  outsourcing  as  a  way  to  pare  IT  costs  and 
focus  on  projects  that  are  most  directly  linked 
to  business  goals. 


CHALLENGE 

Company  executives  are  looking  at 
outsourcing  to  reduce  IT  costs  and 
probably  internal  staff  to  focus  on 
core  competencies. 


RESPONSE 

Take  the  bull  by  the  horns  and  help 
drive  outsourcing.  By  being  process- 
oriented,  show  where  internal  staff  is 
efficient;  suggest  pilots  to  assure 
outsourcing  is  done  right  and  in  doing 
so  reduce  fear  among  personnel. 


Experienced  executives  agree  that  outsourcing  almost  always 
sows  uncertainty  in  internal  personnel.  It  can  result  in  layoffs 
and  budget  reductions  among  IT  middle  managers.  The  silver 
lining  for  IT  managers  is  that  there  are  opportunities  for  those 
who  are  prepared  to  embrace  change  and  help  their  compa¬ 
nies  face  the  challenges  of  dealing  with  outsourcers  —  whether 
those  external  providers  are  in  Bangalore  or  Boston. 

“Take  charge  of  decision  making,  and  take  the  fear  out  of  the 
process  of  using  external  service  providers,”  says  Reynaldo  Gil,  CEO  and  founder  of 
Commendo  Software  in  Fremont,  Calif. 

Capitalize  on  the  fact  that  outsourcing  is  notoriously  hard  to  do,  Gil  says.  In  a  career  that 
includes  stints  at  Bank  of  America,  Charles  Schwab  and  IBM,  Gil  has  pulled  the  plug  on 
what  he  calls  “nightmare  scenarios.”  He  once  advised  a  CEO  to  walk  away  from  an  intel¬ 
lectual  property  dispute  with  an  external  provider,  at  a  loss  of  close  to  $1  million  dollars. 

Other  technology  and  business  leaders  agree  that  when  it  comes  to  outsourcing,  com¬ 
panies  need  all  the  talent  they  can  muster  to  do  it  right. 

“The  management  of  outsourcing  partners  does  create  certain  positions  to  ensure  that  the 
deliverables  expected  from  your  partners  are  actually  done,”  says  Cecilia  Claudio,  CIO  and 
vice  president  of  engineering  for  Align  Technologya  Santa  Clara  maker  of  orthodontic  prod¬ 
ucts,  and  a  board  member  of  RampRate,an  IT  outsourcing  advisor  in  Santa  Monica,  Calif. 

“You  need  a  team  to  manage  the  outsourcers,  a  program  management  office  or  an  off¬ 
shore  development  management  center’’  says  Claudio,  who  has  worked  at  Zurich 
Financial  Services,  Farmers  Insurance  Group  and  Xerox  over  her  30-year  career.  In  the 
1990s,  Claudio  helped  engineer  Xerox’s  bellwether  $3.2  billion  outsourcing  deal  with 
Electronic  Data  Systems. 

Claudio  says  outsourcing  program  management  involves  a  variety  of  tasks  and  skills, 
which  include  the  writing  of  service-level  agreements;  analysis  of  contracts;  documentation 
for  how  processes  should  be  managed;  and  creation  of  liaison  roles  to  ensure  effective  com¬ 


munication  among  IT,  the  business  side  of  the  company  and  outsourcers. 

At  Align,  Claudio  started  to  bring  in  program  managers  from  offshore  providers 
skilled  in  these  areas.  She  assigned  some  of  her  IT  staff  to  work  with  the  managers  on 
different  cross-functional  projects.“Feople  willing  to  move  out  of  a  fire-fighting  role 
can  work  at  a  higher  level,  on  projects  that  can  transform  the  way  a  company  does 
business,”  Claudio  says. 

Of  course,  not  all  IT  managers  have  access  to  mentoring  programs  such  as 
Claudio’s.  However,  IT  middle  managers  in  any  company  can  develop  their  pro¬ 
ject  management  chops,  according  to  experienced  executives. 

“Be  process-oriented,  focusing  on  managing  resources,”  Commendo’s  Gil  says. “Analyze 
what  you  do,  apply  metrics  to  what  you  do,  break  out  costs  and  inventory  skills.  See  how 
you  can  do  things  faster,  better” 

Process  management  is  regarded  as  a  crucial  factor  in  coordinating  work  and  commu¬ 
nications  among  dispersed  offices  and  personnel.“Errors  get  compounded  and  magnified 
in  a  distributed  environment,  which  is  the  world  of  outsourcing,”  says  Marc  Hebert,  a  vice 
president  at  Sierra  Atlantic,  a  provider  of  ERP  implementation  ser¬ 
vices  in  Fremont. 

Process  management  is  essentially  a  way  of  breaking  down  work 
into  tasks  that  can  be  benchmarked  and  replicated.  By  formalizing 
and  measuring  what  they  do,  IT  managers  can  more  readily  show 
their  business  counterparts  what  they  accomplish. 

Hebert,  Gil,  Claudio  and  others  make  a  key  point:  Cost-contain¬ 
ment  is  not  the  only,  or  even  the  best,  reason  to  use  outside 
providers.  Benchmarking  IT  processes  can  help  managers  lead  to 
where  a  company  can  best  use  outsourcers, and  where  internal  staff 
should  be  focused. 

“There  are  many  reasons  to  outsource:  to  get  24-hour  support,  to 
take  on  specialized  skills  that  you  might  need  for  only  a  short  time, 
to  bring  in  more  mature  partners,”  Gil  says. 

Take  initiative  by  suggesting  small  pilot  projects  to  be  outsourced, 
starting  with  lower-level  jobs  like  infrastructure  maintenance. 
Claudio  took  this  approach  at  Farmers  and  forged  solid  working 
relationships  with  business  leaders  throughout  the  company 

Creating  benchmarks  for  what  your  staff  does  and  proposing  outsourcing  pilot  pro¬ 
grams  to  accomplish  goals  more  efficiently  gives  you  a  shot  to  expand  the  total  budget 
you  control  or  your  overall  responsibility 

Middle  managers  in  IT  who  learn  to  measure  and  communicate  what  they  do  to  busi¬ 
ness  managers  will  be  seen  as  a  valuable  resource, says  Tony  Greenberg,  CEO  of  RampRate 

IT  managers  who  have  strong  soft  skills  are  sought  after  as  companies  transition  using 
outsourcers, Claudio  stresses.“I  look  for  people  who  are  good  communicators.good  nego¬ 
tiators,  people  who  really  know  how  to  get  the  most  out  of  any  particular  situation,  who 
can  put  themselves  on  the  other  side  and  have  great  empathy  for  the  other  side,” she  says 

“People  involved  with  help  desks  and  network  management  are  in  a  good  position  to 
hone  their  communications  and  negotiating  skills  since  they  need  to  contract,  for  exam¬ 
ple,  for  services  for  bandwidth  and  deal  with  a  complex  network  of  relationships  to  have 
systems  installed,”  Gil  says. 

Ultimately,  outsourcing  consultants  and  top  executives  advise  IT  managers  to  prepare 
to  embrace  change, and  take  the  initiative  to  develop  the  skills  required  to  deal  with  out¬ 
sourcing. 

As  Gil  put  it:“You  don’t  want  to  get  run  over  by  the  train  —  you  want  to  learn  to  drive  i;” 

Ferranti  is  the  executive  news  editor  for  the  IDG  News  Service.  He  can  be  reached  oi 
Marc_Ferranti@idg.  com. 
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How  much  does  your  network  analyzer  see? 

Observer  is  the  only  fully  distributed  network  analyzer  built 
to  monitor  the  entire  network  (LAN,  802.Ha/b/g,  Gigabit, 
WAN).  Download  your  free  Observer  10  evaluation  today 
and  see  how  Observer  puts  you  in  the  driver's  seat  with  more 
real-time  statistics,  more  in-depth  analysis  and  more  network 
advantages  than  ever  before. Choose  Observer. 
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your  router  will  need  based  on  historical  usage  patterns  with 
Network  Trending. 

-foresight-  Predict  how  network  changes  will  affect 
your  response  times  with  "What-lf  Modeling  Analysis. 

-no  S  i  GRRL  -  Find  rogue  access  points,  monitor  access 
point  load  and  scan  wireless  channels  continuously  with  over 
50  WLAN  Expert  Conditions. 
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Recognized  as  the  pioneer  of  KVM  switch 
technology,  Rose  Electronics  offers  the 
industry’s  most  comprehensive  range  of 
server  management  products  such  as  KVM 


switches,  extenders  and  remote  access 


solutions.  Rose  Electronics  products  are 
known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 


Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 
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SERVERS  WITHIN  YC  UR  REACH 
FROM  ANYWHERE 


A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 


Local  or  Remote  Server  Management  Solutions 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


•  Connects  up  to  lOOO  computers  to  a  KVM  station 

•  Models  for  4,  8,16  computers 

•  Advanced  visual  interface  (AVI) 

•  Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

•  Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

•  Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

•  Free  lifetime  upgrade  of  firmware 

•  Security  features  prevent  unauthorized  access 

•  Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 

•  Easy  to  expand 
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UltraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 
Secure  encrypted  operation  with  login  and  computer 
access  control 

Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 
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Meridius  Security  Gateway 

99%  spam  detection  rate, 

0%  false  positives, 

100%  virus  blocking* 


Call  1.866.895.6931  and  get  a  $5000*  trade-in  credit 


*  Contact  a  BlueCat  Networks  representative  for  promotion  details.  Limited  time  offer.  Promotion  code:  8CN-M105 
t  "Scanning  for  Spam”,  Network  Computing  Magazine  Oct.  28,  2004 


BlueCat  Networks 

secure  networks,  simplified. 

Call  us:  Schedule  your  free  demo  today. 

1.866.895.6931  Visit  www.bluecatnetworks.com/meridius/nww 
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,  TAP  into  Performance 

netWOrKTAPs  ©  j  Monitor  mission-critical  links  with  the 

latest  technology  through  new  nTAPs 

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  /?TAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 
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Ethernet  Copper  nTAP 

For  copper-to-copper  connections 
Choose  your  peed: 

10/100 . $395 

1(  100/1000 . $995 


10/100/1000  Conversion  nTAP 

Copper  input  with  copper  or 
her  output  options 
Choose  your  analysis  output: 


SX.... . $1,995 

LX.. . . . $1,995 


Optical  Fiber  nTAP 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

$395 

Four  channel . 

$1,795 

Six  channel . 

$2,395 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-6ET-«TAP  today. 

Free  overnight  delivery* 
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'Free  overnight  delivery  on  all  U.S. orders  over  $300.00  confirmed  before  12  pm  CST. 

nTAP  and  the  nTAP  logo  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC 
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•  Power  sensing 
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Monitoring  System  monitors  critical  environ¬ 
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room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 
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Terminal  server  vendors,  who  proclaim  that 
they  have  Secure  Out  Of  Band  products,  rely 
on  RADIUS,  TACACS+  and  other  in-band 
protocols  to  provide  security.  By  inference, 
they  imply  they  secure  out  of  band  access 
when,  in  fact,  they  offer  only  network  security, 
which  conflicts  with  out  of  band  access: 

A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network-based  protocols. 
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Qwest 

continued  from  page  9 

its  1,100-site  VPN  service  to  MCI.  The  net¬ 
work  connects  Toyota  and  Lexus  dealers 
across  the  country  to  Toyota’s  U.S.  head¬ 
quarters  in  Torrance,  Calif. 


“Verizon  is  a  much  better  choice,” 
Strickland  says.  It  is  more  financially  stable, 
and  its  products  are  more  complementary 
to  MCI’s,  he  says. 

However  prevalent,  customer  sentiments 
such  as  this  will  not  absolve  MCI  officials  of 
their  fiduciary  responsibility  to  fully  con¬ 


sider  the  Qwest  plea,  experts  agree. 

The  very  public  negotiations  between 
Qwest  and  MCI  hit  a  fevered  pitch  last 
week  with  an  op-ed  column  from 
Qwest’s  CEO  Richard  Notebaert  in  The 
Wall  Street  Journal  and  a  series  of  back- 
and-forth  letters. 
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TECHNOLOGY  TOUR  AND  EXPO 


THIS  EVENT  IS  COMING  TO  A  CITY  NEAR  YOU 


■  PHILADELPHIA,  PA  !  March  22,  2005 
WASHINGTON,  DC  March  24.  2005 
SEATTLE,  WA  March  29,  2005 
SAN  FRANCISCO,  CA  March  31,  2005 


Wireless  &  Mobility: 

Commanding  Broadband  Everywhere 

join  Craig  Mathias,  Principal  of  Farpoint  Group,  and  Keith  Shaw, 
Senior  Reviews  Editor,  at  this  complimentary  Network  World 
Technology  Tour  and  Expo  event. 

Technology  is  rapidly  solving  the  complexities  of  anytime-anywhere  wireless 
broadband. Yet  enterprises  are  suddenly  paralyzed  by  uncertainty  as  they 
face  crucial  decisions  about  their  own  wireless  networks.  Which  devices? 
Which  apps?  Which  technologies?  And  why?  Attend  this  direction-setting, 
confusion-ending  event  and  learn  how  to  command  broadband  everywhere. 
Register  now  to  attend  free. 


PRESENTING  SPONSORS 


bluesocket  /o> 

Bluesocket’s  Wireless  Gateways  tightly  manage 
and  secure  wireless  local  area  networks,  giving 
users  of  laptops  and  PDAs  wireless  access  to  high 
data  density  enterprise  networks  and  the  Internet 
while  moving  within  their  buildings  and  public 
coverage  areas  with  Secure  Mobility™. 


Meru 

NETWORKS 


Meru  Networks  is  the  leader  in  Voice  over 
Wireless  LAN  infrastructure,  and  makes  the  only 
enterprise  WLAN  infrastructure  that  delivers 
high-performance  data  and  toll-quality  wireless 
VoIP.  Meru's  Cellular  WLAN  infrastructure  is 
deployed  in  major  Fortune  500  accounts, 
universities,  and  healthcare  organizations. 


ColubrisNetworks 

Colubris  Networks  is  a  global  provider  of  secure, 
scalable  multi-service  wireless  LAN  (WLAN) 
systems  for  service  providers  and  enterprises. 
The  company's  award-winning  solution  delivers 
seamless,  secure  wireless  services  via  an  open, 
standards-based  architecture  that  seamlessly 
integrates  with  an  existing  LAN/WAN  transport, 
security  and  network  management  systems. 


SIEMENS 

Chantry  Networks  Corp,  an  affiliate  of  Siemens 
Communications,  Inc.,  will  showcase  its 
BeaconWorks™  WLAN  suite  of  products  which 
offer  unprecedented  scalability,  availability, 
and  unique  network  virtualization  features.  This 
technology  enables  out-of-the-box  compatibility 
with  wired  networks  and  provides  the  foundation 
for  wireless  voice  over  IP. 
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FOUNDRY 

NETWORKS 

Foundry  Networks  is  a  leading  provider  of 
high-performance  enterprise  and  service 
provider  switching,  routing  and  Web  traffic 
management  solutions  including  Layer  2/3  LAN 
switches,  Layer  3  Backbone  switches,  Layer  4-7 
application  switches,  Wireless  LAN  and  access 
points,  access  routers  and  Metro  routers. 


symbol 

The  Enterprise  Mobility  Company  " 

Symbol,  the  pioneer  of  wireless  networking, 
dramatically  changed  the  face  of  Wi-Fi  by 
introducing  the  WS5000  Wireless  Switch  in 
2002.  This  Symbol  innovation  continues  to 
deliver  un-matched  Security,  Manageability, 
Availability,  Reliability  and  low  Total  Cost  of 
Ownership.  Find  out  why  when  businesses 
depend  on  Wireless  Mobility,  they  choose 
Symbol. 


EXHIBITING  SPONSORS 


Wireless  &  Mobility:  Commanding  Broadband  Everywhere 

Register  now  at  www.nwfuslon.com/WMW5A4  or  call  1-800-643-4668 

To  join  sponsors  of  this  premier  Network  World  Event,  or  to  find  out  more  about  onsite  company  training,  please  contact 
Andrea  D’ Amato  at  1-508-490-6520  or  adamato@nww.com  for  free,  no-obligation  information 


Qwest  complained  in  one  missive  that 
MCI  had  not  been  forthcoming  with  finan¬ 
cial  information  in  earlier  negotiations.  MCI 
countered  Qwest’s  claims  in  a  letter  to 
Notebaert  stating  that  it  had  had  “25  in-per¬ 
son  meetings  and  more  than  50  joint  con¬ 
ference  calls”  with  Qwest. 

The  public  bickering  continued  through 
late  last  week  even  after  MCI  said  it  would 
review  Qwest’s  bid  up  until  March  17. 
Notebaert  issued  a  statement  saying,  “We 
are  also  concerned  that  the  process  over 
the  next  two  weeks  will  simply  be  process 
for  process  sake,  as  opposed  to  a  meaning¬ 
ful  evaluation  of  our  offer!’ 

MCI’s  counter;  “We  believe  that  construc¬ 
tive  dialogue  —  rather  than  rhetoric  —  is  in 
everyone’s  best  interest.  MCI  remains  com¬ 
mitted  to  a  full  and  meaningful  exchange 
of  information.” 

IDC’s  Winther  says  he  expects  Verizon  to 
sweeten  its  offer  if  it  appears  MCI  might 
start  leaning  in  Qwest’s  favor. 

Lehman  Brothers  says  Verizon  should 
avoid  a  bidding  war  with  Qwest  and  walk 
away  The  equity  research  firm  says  MCI’s 
board  could  find  it  difficult  not  to  accept 
Qwest’s  higher  bid  and  stronger  cost-reduc¬ 
tion  synergies. 

There  are  two  main  areas  where  Qwest  is 
finding  the  cost  savings.  The  company  is 
proposing  migrating  MCI’s  traffic  from  a 
variety  of  networks  onto  its  vast  OC-192 
fiber  optic  network.  The  carrier  also  is 
proposing  up  to  7,000  more  job  cuts  than 
Verizon.  ■ 
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Connecting  America ’s  Communities 


April  18-19,  2005  |  Reston,  VA  |  Hyatt  Regency 


Wh  e  re '  s  your  n  ext 
big  oppor 

“Community  leaders  have  embraced  broadband  technologies 


as  means  of  stimulating  regional  economic  development  by 
offering  ubiquitous  high  speed  Internet  access,  digital  video, 
j|v  and  IP  telephony  services.  ” 

-  The  Yankee  Group  - 


Digital  City  is  a  national  conference  and  forum  whose  goal  is  to  advance  municipal 
broadband  infrastructure  and  applications  across  America's  communities. 


Whether  you  are  seeking  the  latest  information  about... 

•  Fiber  Optic  Networks 

•  WiMax  and  WiFi  Metronets 

•  Triple-Play  Operation  Strategies 


Or  you  want  to  make  contact  with  community  implementers... 

•  City  Managers 

•  City  IT  Directors 

•  Community  Developers 


You  will  find  what  you  are  looking  for  at  Digital  City  EXPO! 


.  -  ■ 


KEYNOTES: 
Berge  Ayvazian  -  The  Yankee  Group 
Clark  McLeod  -  Opportunitylowa 


Elizabeth  (Libby)  Beaty  -  NATOA 
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And  more... 
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SPEAKERS:  . 

Paul  T  Morris  -  UTOPIA;  '.;; 


Pari  Sabety  -  Brookings 

Tom  Barzee  -  City  of  North  Kansas  City,: .MQ  :  ■  «: 
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Visit  our  website  at  www.digitalcityexpo.com  to  learn  more  about  Digital  City  EXPO. 


Leonard  Scott  -  City  of  Corpus  Christ):  Tx 
James  Salter  -  Atlantic  Engineering  Groci 
Bill  Moroney  -  United  Telecom  Council' 
Scott  Wilkinson  -  Hitachi  Telecom 
Kevin  Garlick  -  City  of  Provo, 1 
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BackSpin 


Mark  Gibbs 


Smart  technology,  dumb  people 


couple  of  weeks  ago  my 
esteemed  Network  World 
columnist  colleague  Scott 
Bradner  wrote  about  the  minor  furor 
surrounding  Brittan  Elementary 
School  in  Sutter,  Calif,  (www.nwfu 
sion.com,  DocFinder:  6141).To 
refresh  your  memory,  this  was  the 
school  that  tried  to  get  students  to  wear  ID  badges 
with  embedded  RFID  chips. 

The  problem  the  school  officials  ran  into  didn’t 
have  anything  to  do  with  technology,  but  rather  their 
own  naivete  when  it  came  to  “selling”  the  project  to 
the  community 

The  project  was  proposed  to  the  school  by  InCom, 
a  company  founded  by  two  teachers  to  sell  a  system 
called  InClass  intended  to  automatically  handle 
attendance  taking,  reporting  and  security 

I  suspect  that  InCom  was  just  as  naive  as  the 
Brittan  school  board  because  there  were  so  many 
flawed  decisions  in  how  this  particular  was  con- 
ceived.Two  major  d’ohs  come  to  mind:  the  foolish 
assertion  that  the  system,  as  implemented,  would 
improve  security  at  the  school,  and  the  deployment 
of  RFID  sensors  to  monitor  bathroom  access. 

Improved  security  is  misleading  because,  while  the 
school  would  know  when  students  left  buildings  at 
unexpected  times,  without  controlled  access  doors 
and  the  use  of  badges  by  all  staff  and  students,  it 
would  do  nothing  to  detect  intruders. 


As  for  the  bathroom  monitoring,  there  doesn’t  seem 
to  be  a  solid  plan  for  how  that  data  would  be  used, 
but  there’s  the  obvious  concern  that  bureaucratic 
zeal  could  have  student  biobreaks  being  tallied  and 
documented. 

While  there  are  many  aspects  of  this  case  that 
demonstrate  a  remarkable  lack  of  thinking  by  people 
who  are  supposed  to  teach  just  that,  there’s  also  a 
touch  of  a  predictable  reactionary  response  to  the 
increased  monitoring. 

People’s  concerns  over  what  data  is  captured  how 
that  data  will  be  used  and  interpreted  and  by  whom 
are  real  and  need  addressing,  but  the  scenarios  peo¬ 
ple  put  forward  to  illustrate  potential  abuse  tend  to 
be  extreme. 

Take  Bradner’s  example:“Sounds  like  an  ideal 
enabler  for  someone  wanting  to  snatch  a  kid  —  just 
set  up  an  RFID  scanner  beside  the  path  in  the 
woods,  and  you  will  be  told  when  the  target  kid 
walks  by  with  his  ID  tag  in  his  bag.” 

This  is  not  a  realistic  risk.This  is  a  pop  culture 
boogeyman  story  Any  kidnapper  who  is  that  deter¬ 
mined  to  take  a  child  wouldn’t  bother  hanging  out 
in  the  woods  with  an  RFID  scanner  waiting  for  Little 
Red  Riding  Hood.  He  would  be  more  direct. 

Now,  my  intention  is  not  to  pick  on  Bradner  (who 
did  make  some  good  points  in  his  column),  but 
rather  to  highlight  that  the  problem  is,  once  again, 
not  with  the  technology  but  with  the  dumb  people 
who  fail  to  think  about  what  they  are  doing  with  it. 


www.nwfusion.com 


My  family  would  be  happy  to  see  our  son’s  school 
use  such  a  system.  We’d  like  the  idea  that  the  school 
was  proactive  about  security  and  facilities  manage¬ 
ment,  but  the  Is  would  have  to  be  dotted  and  theT’s 
crossed  when  it  came  to  the  specifics  of  what,  how 
and  why  the  data  from  such  a  system  would  be  used. 

That  said,  there  are  two  particular  aspects  of  the 
system  that  could  offer  significant  benefits.  First,  for 
large  schools  where  there  is  a  vandalism  problem, 
RFID  tracking  of  student  IDs  would  make  it  easier  to 
determine  which  students  were  in  a  problem  loca¬ 
tion  when  the  school  incurred  damage. 

The  second  benefit  is  such  systems  could  improve 
safety  For  example, with  student  tracking  in  place,  if  a 
fire  broke  out  the  administration  would  know  with  a 
greater  degree  of  certainty  that  no  students  were  left 
in  buildings. 

Once  again,  we  have  an  example  of  a  smart  tech¬ 
nology  that  suffered  from  dumb  implementation  and 
a  dumb,  knee-jerk,  negative  response.  Even  so,  this 
type  of  system  will  become  commonplace  in 
schools  whether  we  like  it  or  not. The  only  thing  that 
will  delay  this  trend  will  be  how  long  it  takes  the  ven¬ 
dors  and  adopters  to  stop  being  dumb  about  deploy¬ 
ment  and  get  smart  about  the  hows  and  whys. 

Tell  me  how  and  why  at  backspin@gibbs.com.  Oh,  by 
the  way,  check  out  Gearhead’s  new  blog  called,  not  sur¬ 
prisingly,  Gearblog,  which  can  be  found  at  www.nw 
fusion,  com /weblogs/ gearblog/. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

Software's  interplanetary  dialogue 

Software  developers  are  from  Mars, 
and  lawyers  are  from  Venus. To  the 

extent  the  two  must  interact  —  and  the  current  state  of  intellectual  property 
law  dictates  they  must  —  someone  has  to  help  with  the  translation. 

Dan  Bricklin  believes  he  is  just  the  guy  IT  executives  should  turn  to  for  that  job. 

A  software  sage  best  known  for  co-authoring  the  first  spreadsheet,  VisiCalc, 
Bricklin  has  a  new  project  involving  tools  unfamiliar  to  the  typical  developer: 
pancake  makeup,  klieg  lights  and  a  video  camera.  He’s  producing  a  training 
video  that  aims  to  bridge  what  can  often  be  a  chasm  between  the  needs  and 
desires  of  corporate  software  developers  to  use  open  source  code,  and  the 
fears  of  company  lawyers  who  see  nothing  but  liability  lurking  in  every  line.The 
50-minute  tape  is  being  polished  and  could  be  available  through  Bricklin’s 
www.softwaregarden.com  as  soon  as  next  month. 

“There  really  is  a  need  for  this  because  a  lot  of  people  don't  know  why  they 
should  be  paying  attention  to  the  legal  aspects,”  says  Bricklin,  who  founded 
Trellix  in  1996  and  sold  the  company  to  Interland  two  years  ago.  “In  the  last 
year  or  so  it’s  gotten  very  critical.  One  reason  is  that  people  care  more  in  many 
ways  about  the  legal  issues  that  were  always  there  but  sort  of  got  swept  under 
the  rug.  With  the  SCO  lawsuit,  IBM  and  Linux  have  been  doing  a  really  good  job 
of  defending  themselves  so  far.  If  you  look  at  that,  you  go,  'Wait,  if  I  was  sued 
could  I  defend  myself  that  way  as  a  corporation?'” 

Companies  also  need  to  know  what’s  what  within  their  homegrown  soft¬ 
ware  when  it  comes  time  for  mergers  and  acquisitions,  Bricklin  says.  “When 
companies  are  purchasing  other  companies,  they're  starting  to  ask  for  much 
more  due  diligence  when  it  comes  to  any  use  of  open  source  —  or  any 


licenses  period,”  he  says. 

As  a  longtime  developer,  Bricklin  hopes  that  his  ability  to  speak  that  language 
—  coupled  with  years  of  first-hand  experience  in  the  trenches  of  software- 
related  intellectual  property  law  —  will  imbue  his  tape  with  the  necessary 
authority  and  the  voice  of  a  kindred  soul.  One  aspect  of  that  connection  with 
developers  will  be  to  get  them  to  appreciate  that  corporate  concerns  about 
open  source  are  not  merely  based  on  bias  or  ignorance. 

“There  are  companies  that  say,  ‘Look,  we  understand  what’s  going  on  here 
[with  open  source],  but  due  to  the  nature  of  our  business  we  can't  use  GPL 
code,'”  Bricklin  says.  “How  do  I  explain  that  to  developers? That's  one  of  the 
things  I  cover  in  the  tape,  that  there  are  cases  where  that’s  just  the  way  it  is. 

It's  not  that  your  company  is  being  evil  or  dumb.” 

Make  no  mistake,  however;  Bricklin  is  an  open  source  advocate. 

“You  shouldn’t  go  overboard  in  pushing  ‘no  open  source,”'  he  says.  “That  would 
be  a  very  dumb  move  from  a  corporate  viewpoint  to  ignore  what’s  available.” 

A  “just  say  no”  policy  is  ill-advised  for  at  least  two  reasons,  he  says. 

“First  of  all,  a  lot  of  developers  will  not  be  happy  with  that  because  it  closes 
off  a  large  venue  of  stuff  that  can  help  them  get  their  job  done,”  he  says. 

The  second  reason:  Well,  “just  say  no”  doesn’t  work  any  better  with  software 
developers  than  with  children;  some  are  going  to  go  ahead  and  play  with  fire  no 
matter  what  the  grown-ups  are  saying. 

“I  don't  tell  you  exactly  that  you’re  allowed  to  do  this  and  you're  not  allowed  to 
do  that;  I  can't  do  that  because  different  companies  make  different  decisions,” 
Bricklin  says.  “But  I  sort  of  put  it  ali  in  context  so  that  when  you  discuss  it  with 
your  corporate  lawyers  or  you're  trying  to  determine  what  your  policy  is  at 
least  you  understand  the  whole  landscape.” 

Any  thoughts  to  share?  The  address  is  buzz@nww.com. 
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